10.5.3  Identity Protection Program

Manual Transmittal

December 17, 2014

Purpose

(1) This transmits revised IRM section 10.5.3, Identity Protection Program

Material Changes

(1) Throughout the IRM beginning in IRM 10.5.3.1.2(1), references to PGLD, Office of Identity Protection have been updated to Identity Protection Strategy & Oversight.

(2) Editorial changes were made throughout this IRM.

(3) Deleted portions of IPU 14U1012 issued on 06-17-2014 - All sections directing only one TC 971 AC 522 PNDCLM or IRSID per entity module was rescinded. Each tax year affected by identity theft will reflect one PNDCLM or an IRSID. Attempts to apply more than one PNDCLM or IRSID per tax year will result in an unpostable which will be auto-deleted.

(4) IRM 10.5.3.1 added a cross reference to 10.5.3.2 IMF identity Theft Procedures and Definition.

(5) IRM 10.5.3.1.2.5(1) added You must also guard against unauthorized disclosures and verify you are talking to the taxpayer or their authorized representative and revised paragraph for clarity.

(6) IRM 10.5.3.1.3.3 revised subsection to state IPSO will develop and provide annual employee awareness training.

(7) IRM 10.5.3.2.9 added a reference to IRM Exhibit 10.5.3–4

(8) IRM 10.5.3.2.9.2 added a reference to IRM Exhibit 10.5.3–5

(9) IRM 10.5.3.2.11 added a cross reference to IRM 25.25.2.14, Identity Theft (IDT)/Operation Mass Mailing (OMM) Scheme Criteria.

(10) IRM 10.5.3.2.11.1(2), added Caution Command Code REQ77 will not accept a tax year that exceeds seven years old from the current date.

(11) IRM 10.5.3.2.13(4) Third Bullet – Removed CCC B and added F.

(12) IRM 10.5.3.2.14 added a reference to IRM Exhibit 10.5.3–17.

(13) IRM 10.5.3.2.15 (6) revised by adding a table displaying accounts that will be issued a CP01A or CP01F based upon the ID theft indicator. In (7) added an example of a for a taxpayer who uses the Opt-In program for an IP PIN.

(14) IRM 10.5.3.2.15.1 removed requirement to verify TP address prior to providing web pages to retrieve the original IP PIN.

(15) IRM 10.5.3.2.15.2 IP PIN OPT- IN Available For Designated Taxpayers Who Are Not ID Theft Victims added new section on IP PIN for taxpayers who filed for TY 2013 in FL, GA, or DC.

(16) IRM 10.5.3.2.16 updated section with references to IRM 25.25.2.14, Identity Theft (IDT)/Operation Mass Mailing (OMM) Scheme Criteria .

(17) IRM 10.5.3.2.18 added a note not to disclose the presence of TC 971 AC 504 with a Miscellaneous Field Codes SPCL1, SPCL2, RPM, and EAFAIL to the taxpayer. Added a reference to IRM Exhibit 10.5.3–6.

(18) IRM 10.5.3.2.18.1(2) added Caution Command Code REQ77 will not accept a tax year that exceeds seven years old from the current date.

(19) IRM 10.5.3.2.18.2(1) Added Caution When inputting a TC 971 AC 504 with a Miscellaneous Field Codes SPCL1, SPCL2, RPM, and EAFAIL, the Secondary Date field on will reflect the tax year to which the issue is related; Delete on after Secondary Date field.

(20) IRM 10.5.3.2.18.2 added a note not to disclose the presence of TC 971 AC 504 with a Miscellaneous Field Codes SPCL1, SPCL2, RPM, and EAFAIL to the taxpayer. Added: Beginning January 2015, TC 971 AC 504 SPCL2 will be applied to a taxpayer's account when the taxpayer alleges BMF ID theft that is affecting their SSN.

(21) 10.5.3.3.4.2 Individual Taxpayers Reporting to be Victims of Business-Related Identity Theft added guidance for individual taxpayers claiming to be victims of BMF identity theft.

(22) IRM 10.5.3.3.6 added a cross-reference to Exhibit 10.5.3-20.

(23) IRM 10.5.3.3.6.1 added a cross-reference to Exhibit 10.5.3-20.

(24) IRM 10.5.3.3.13 added a cross-reference to Exhibit 10.5.3-21.

(25) IRM 10.5.3.3.11(2) Added Reminder If you are requesting an adjustment action, all required forms and documentation must be included with your request.

(26) IRM Exhibit 10.5.3-4 (2) & (3) Added Caution, system will not accept a year more than 8 years from the current date. And added SBSE/ TEFRA/ INCOME, MULTFL, INCMUL, OTHER, NOFR, PRISNR, ALTRD, and DECD.

(27) IRM Exhibit 10.5.3-4(12) Added SBSE/ TEFRA/ INCOME, MULTFL, INCMUL, OTHER, NOFR, PRISNR, ALTRD, and DECD.

(28) IRM Exhibit 10.5.3-5(11) Added SBSE/ TEFRA/ TPRQ, IRSERR, IRSADM, FALSE, and OTHER.

(29) IRM Exhibit 10.5.3-6 Added Caution: Command Code REQ77 will not accept a date that exceeds seven years old from the current date under SECONDARY-DT.

(30) IRM Exhibit 10.5.3-6 Updated SPCL2 - Applied when a taxpayer is reporting to be a victim of BMF ID theft. The ID thief used the taxpayer's SSN to secure an EIN. Note: #Prior to Jan. 1, 2015, SPCL2 was used by AM and Compliance functions to flag Return Preparer Misconduct cases.

(31) IRM Exhibit 10.5.3-10(4) Added Caution Command Code REQ77 will not accept a tax year that exceeds seven years old from the current date. Also added LIST1 definition to AC 506 codes used by RICS.

(32) IRM Exhibit 10.5.3-10(9) Added SBSE/ TEFRA/ INCOME, MULTFL, INCMUL, OTHER, NOFR, PRISNR, and DECD to SBSE profile table.

(33) IRM Exhibit 10.5.3-11 Added SBSE/ TEFRA/TPRQ, IRSERR, IRSADM, OTHER, and FALSE to SBSE profile table.

(34) IRM Exhibit 10.5.3-12 (13) Added SBSE/ TEFRA/INCOME, MULTFL, INCMUL, OTHER, NOFR, PNDCLM, IRSID, and UNWORK.

(35) IRM Exhibit 10.5.3-13 Added SBSE/ TEFRA/ TPRQ, IRSERR, IRSADM, FALSE, NOIDT, NORPLY, and OTHER to SBSE profile table.

(36) IRM Exhibit 10.5.3-17(3) Added Note: When reversing the AC 524 because there is no date of death use “IRSERR” as the Tax Administration Source Code.

(37) IRM Exhibit 10.5.3-17(4) Added WI/ AMADJ/ IRSERR to the TC 972 AC 524 Tax Administration Source Codes table for WI.

(38) IRM Exhibit 10.5.3-18(1) Added TEGE to BMF Acronyms and Definitions BOD Table.

(39) IRM Exhibit 10.5.3-18(2) Added EXCISE and TEFRA to the Function / Definition table.

(40) IPU 14U1012 issued 06-17-2014 - all references to inputting only one TC 971 AC 522 PNDCLM or TC 971 AC 522 IRSID per entity module were removed. Employees will apply one TC 971 AC 522 PNDCLM or TC 971 AC 522 IRSID, as applicable per tax year impacted by identity theft.

(41) IPU 14U0166 issued 01-23-2014 IRM 10.5.3.2.15, Identity Protection Personal Identification Number (IP PIN) removed references to CP01F as program has been postponed.

(42) IPU 14U0166 issued 01-23-2014 IRM 10.5.3.2.15.1, Lost, Misplaced or Non-Receipt of IP PIN clarified IP PIN replacement procedures.

(43) IPU 14U0166 issued 01-23-2014 IRM 10.5.3.2.18, IMF TC 971 AC 504 made editorial revision.

(44) IPU 14U0166 issued 01-23-2014 IRM 10.5.3.2.18.2, TC 971 AC 504 - Miscellaneous Field Code SPCL1, SPCL2, RPM, and EAFAIL added caution when inputting REQ77 the secondary date must carry the tax year in question. Also added cross-reference to IRM 21.2.1.40.2, Taxpayer Fails High Risk Disclosure during AGI Request for SPCL1 marked accounts.

(45) IPU 14U0166 issued 01-23-2014 IRM 10.5.3.2.19.1, Employment-related Identity Theft - TC 971 AC 525 (Pilot Population) removed this section as pilot program has been post-poned.

(46) IPU 14U0166 issued 01-23-2014 IRM 10.5.3-6, IMF Only TC 971 AC 504 added caution, when inputting using certain codes, the secondary date must carry the tax year in question.

(47) ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ "≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ "

(48) IPU 14U0196 issued 01-28-2014 IRM 10.5.3.2.15.1(4), Lost, Misplaced or Non-Receipt of IP PIN added example of command codes used to facilitate RTF research.

(49) IPU 14U0230 issued 01-30-2014 IRM 10.5.3.2.15.1(4), Lost, Misplaced or Non-Receipt of IP PIN added If/Then to facilitate understanding.

(50) IPU 14U0364 issued 02-24-2014 IRM 10.5.3.2.18.2, TC 971 AC 504 - Miscellaneous Field Code SPCL1, SPCL2, RPM, and EAFAIL clarified that AC 504 with these codes does not result in an IP PIN, however other conditions may have resulted in IP PIN issuance. The presence of AC 504 SPCL1, SPCL2, RPM, or EAFAIL does not affect the taxpayer's ability to obtain a replacement IP PIN if the IP PIN was lost, misplaced or never received.

(51) IPU 14U0375 issued 02-26-2014 Exhibit 10.5.3-18, BMF Acronyms & Definitions added caution Field Assistance employees are NOT profiled to use BMF ID Theft indicators

(52) IPU 14U0375 issued 02-26-2014 Exhibit 10.5.3-20, BMF ID Theft Indicators - TC 971 AC 522 IDTDOC - BMF ID Theft Documents Accepted clarified the Secondary Date Field on AC 522 will reflect the IRS received date of the taxpayer's supporting documentation.

(53) IPU 14U0375 issued 02-26-2014 Exhibit 10.5.3-21, BMF ID Theft Indicators - TC 971 AC 522 CLSIDT - Closed and Confirmed as BMF ID Theft clarified the Secondary Date Field on AC 522 will reflect the date the identity theft issue was resolved.

(54) IPU 14U0464 issued 03-10-2014 IRM 10.5.3.2.15.1(3) Lost, Misplaced or Non-Receipt of IP PIN , If/Then table TP will receive original IP PIN through the online application and not via E-mail.

(55) IPU 14U0548 issued 03-24-2014 IRM 10.5.3.2.6 (1) Note, Overview - Identity Theft Supporting Documentation removed the requirement to input both a TC 971 AC 522 PNDCLM and a TC 971 522 (INCOME, MULTFL, INCMUL, OTHER or NOFR) when the taxpayer provides supporting documentation while making the initial allegation of identity theft. Input only if the documentation is complete, input only a TC 971 522 (INCOME, MULTFL, INCMUL, OTHER or NOFR).

(56) IPU 14U0548 issued 03-24-2014 IRM 10.5.3.2.6 (7), Overview - Identity Theft Supporting Documentation added IF/Then table to clarify procedures for situations where the acknowledgment of the Form 14039 and supporting documents was not performed within the 30 day time frame.

(57) IPU 14U0548 issued 03-24-2014 IRM 10.5.3.2.18.2 (4), TC 971 AC 504 - Miscellaneous Field Code SPCL1, SPCL2, RPM, and EAFAIL removed the following: employees should notify the taxpayer they will be included in the IP PIN process.

(58) IPU 14U0548 issued 03-24-2014 IRM 10.5.3.2.11.1 (1) c, Closing Cases Involving IRS-Identified Identity Theft Affecting Tax Administration - TC 971 AC 506 corrected reference to Closing Identity Theft Issues to IRM 10.5.3.2.8.

(59) IPU 14U0548 issued 03-24-2014 IRM 10.5.3.3.7, BMF Identity Theft Liaisons added note: The Taxpayer Advocate Service (TAS) will use their OAR process to direct Operation Assistance Requests (OARs) to the appropriate BOD/Function Liaison. TAS OARs are reviewed prior to leaving the TAS organization. Inappropriate referrals will be promptly rejected back to the originator.

(60) IPU 14U0686 issued 04142014 IRM 10.5.3.2.10.4.1 Returns Selected by ID Theft Filters - Taxpayers Visiting the TAC (2) added note: If the taxpayer provides foreign documentation for picture identification follow IRM 3.21.263.5.3.4.2Reviewing Supporting Identification Documentation to determine if it is acceptable. And in (3) added cross-reference to IRM 25.25.6.5.1 TPP Repeater Letter 5216 – "Taxpayer Can Not Authenticate.

(61) IPU 14U0723 issued 04-18-2014 IRM 10.5.3.2.2. tracking and Reporting Identity Theft Cases - IMF removed (3) alpha list to improve clarity as follows: In most instances, for taxpayer initiated claims of identity theft, the case MUST be moved into identity theft inventory once the taxpayer has provided documents to support a claim of identity theft. This provides victims with a treatment stream for case resolution specific to identity theft. Refer to IRM 10.5.3.2.6, Overview - Identity Theft Supporting Documentation.

(62) IPU 14U0771 issued 04-25-2014 IRM 10.5.3.3.6, Taxpayer Supporting Documentation - Form 14039-B added a reminder not to issue a Form 14309-B to the taxpayer unless the case is controlled and assigned and a cross-reference to IRM 10.5.3.3.5.1, Controlling BMF Identity Theft Cases.

(63) IPU 14U1012 issued 06-17-2014 Exhibit 10.5.3-10, IMF Only TC 971 AC 506 - IRS-Identified Tax-Related Identity Theft Case Closure ,Exhibit 10.5.3-11, IMF Only TC 972 AC 506 Tax-Related, Reversal of Identity Theft Case Closure, No Taxpayer Provided Documents, and Exhibit 10.5.3-12, IMF Only TC 971 AC 522 Tax-Related Identity Theft, Case Status (Initial Claim/Suspicion and Supporting Documents) removed references to AMTAP and replaced them with IVO.

(64) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.1.1 Definitions of Key Identity Protection Terms moved to IRM 10.5.3.2, IMF identity Theft Procedures and Definition for clarity. Renumbered the next sections accordingly.

(65) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2, IMF identity Theft Procedures and Definition added the IMF- Identity Theft Definition.

(66) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2.1, IMF- Identity Theft Research updated requirement to research for prior AC 50X.

(67) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2.5, Initial Allegation or Suspicion of Tax-Related identity Theft - Identity Theft Indicators added In situations where the taxpayer is reporting multiple tax years affected by identity theft, beginning July 1, 2014 there will be only one TC 971 AC 522 (PNDCLM or IRSID) applied to the taxpayer's entity module. The secondary date on command code REQ77 will reflect the tax year of the incident or if multiple years are affected, the earliest tax year involved. Also added an IF/Then Decision Table to clarify processes.

(68) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2.5.1 Taxpayer Initiated Allegations of Identity Theft - Pending Claim Identity Theft TC 971 AC 522 PNDCLM added direction to not input more than one TC 971 AC 522 PNDCLM per entity module. If, however the taxpayer is reporting identity theft and the account reflects a reversed TC 971 AC 522 PNDCLM , a new TC 971 AC 522 PNDCLM may be appropriate. Added caution Command Code REQ77 will not accept a tax year that exceeds seven years old from the current date. Refer to 10.5.3.2.5 (4), Initial Allegation or Suspicion of Tax-Related identity Theft - Identity Theft Indicators for additional information.

(69) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2.5.2, IRS Initiated Suspicion of Identity Theft - TC 971 AC 522 IRSID added note if there is already an unreversed TC 971 AC 522 IRSID or PNDCLM do NOT input TC 971 AC 522 IRSID. Revised section, not to input more than one TC 971 AC 522 IRSID per entity module. Added requirement to leave an IDRS history if additional tax years are affected by ID theft.

(70) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2.6 Overview - Identity Theft Supporting Documentation revised and clarified: Supporting documentation covers more than one tax year. The taxpayer does not need to submit documents for each year affected by identity theft. Only one TC 971 AC 522 reflecting documentation receipt is applied even if two or more years are effected by identity theft. The earliest tax year affected by identity theft will be input in the Secondary Date Field on command code REQ77. Added an If/Then decision table to clarify processes.

(71) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2.6.1 When to Request Identity Theft Supporting Documents added requirement to review ENMOD/IMFOLE to help prevent duplicative (identical) TC 971 AC 522, 501, and 506 entries. Also updated If/Then Decision table to clarify processes.

(72) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2.6.2 Complete and Legible Documents updated (3) to include and you can not make a determination using internal resources and research.

(73) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2.6.3 Marking Taxpayer Accounts When Accepting Identity Theft Supporting Documents added cross-reference to IRM Refer to IRM 10.5.3.2.6 Overview - Identity Theft Supporting Documentation.

(74) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2.6.4 TC 971 AC 522 NODCRQ obsoleted this tax administration source code from future application.

(75) IPU 10.5.3.2.7 Reversing Pending Identity Theft Claims - TC 972 AC 522 NORPLY or NOIDT added additional procedures for situations where the year currently flagged was done so in error.

(76) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2.8, Closing Identity Theft Issues editorial revision.

(77) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2.9 Closing Taxpayer Initiated Identity Theft Affecting Tax Administration - TC 971 AC 501, Documentation Provided revised there can be only one TC 971 AC 501 per tax year.

(78) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2.9.1, Actions Taken After TC 971 AC 501 Placed on Account clarifying when a CP 01 is issued.

(79) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2.10.1.3 Functional Responsibilities Regarding Referrals Meeting TAS Criteria 5-7, Identity Theft Assistance Requests (ITAR) to the IPSU updated (2) Review ENMOD/IMFOLE to determine if the tax year in question entity module has already been marked with a TC 971 AC 522.

(80) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2.10.5, Identity Theft Identified by Submission Processing removed reference to 5073C letter and replaced with CP 01S.

(81) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.2.11.1 Closing Cases Involving IRS-Identified Identity Theft Affecting Tax Administration - TC 971 AC 506 added (1) d: Review the entity module for a prior TC 971 AC 506 for the same tax year.

(82) IPU 14U1012 issued 06-17-2014 Exhibit 10.5.3-12 IMF Only TC 971 AC 522 Tax-Related Identity Theft, Case Status (Initial Claim/Suspicion and Supporting Documents) added note: If the taxpayer is reporting more than one year affected by identity theft, the Secondary-DT field will reflect the earliest tax year affected by identity theft. Removed Tax Administration Code NODCRQ from BOD/Function the tables.

(83) IPU 14U1012 issued 06-17-2014 IRM 10.5.3.3.4.1(1) BMF Identity Theft Tracking Indicator updated cross reference IRM section to 10.5.3.3.4 (2) Tracking And Reporting Identity Theft cases - BMF.

(84) IPU 14U1012 issued 06-17-2014 Exhibit 10.5.3-3 updated acronyms.

(85) IPU 14U1012 issued 06-17-2014 Exhibit 10.5.3-6 IMF Only TC 971 AC 504 , removed requirement for BOD in Miscellaneous Code field and made editorial changes to description of the Miscellaneous Field Code.

(86) IPU 14U1012 issued 06-17-2014 Exhibit 10.5.3-11, IMF Only TC 972 AC 506 Tax-Related, Reversal of Identity Theft Case Closure, No Taxpayer Provided Documents, made editorial changes.

(87) IPU 14U1012 issued 06-17-2014 Exhibit 10.5.3-12, IMF Only TC 971 AC 522 Tax-Related Identity Theft, Case Status (Initial Claim/Suspicion and Supporting Documents) added note: If the taxpayer is reporting more than one year affected by identity theft, the Secondary-DT field will reflect the earliest tax year affected by identity theft.

(88) IPU 14U1052 issued 06-25-2014 Exhibit 10.5.3-10, IMF Only TC 971 AC 506 - IRS Determined Tax-Related Identity Theft Case Closure, updated definition of Tax Administration Source Code NOFR to include the SSN owner has no filing requirement.

(89) IPU 14U1205 issued 08-04-2014 IRM 10.5.3.2.13, Locking Decedent Accounts - TC 971 AC 524 added a reference to IRM 21.6.6.3.22.3, CP 01H Decedent Account Responses.

(90) IPU 14U1205 issued 08-04-2014 IRM 10.5.3.2.14 revised title of this section to Manually Reversing TC 971 AC 524: Date of Death Present on INOLES and revised guidance to be specific to only TC 971 AC 524 where a DOD is present on INOLES.

(91) IPU 14U1205 issued 08-04-2014 IRM 10.5.3.2.14.1 Manually Reversing TC 971 AC 524: No Date of Death Present on INOLES added new section with guidance for CSRs.

(92) IPU 14U1205 issued 08-04-2014 IRM 10.5.3.2.15.1 Lost, Misplaced or Non-Receipt of IP PIN, clarifying a replacement IP PIN can be provided to an appointee authorized by through submission of Form 8821, Taxpayer Information Authorization.

(93) IPU 14U1205 issued 08-04-2014 Exhibit 10.5.3-17, TC 972 AC 524 - Reversal of TC 971 AC 524 updating exhibit to allow for CSRs to correct AC 524 when no Date of Death is present.

(94) IPU 14U1282 issued 08-21-2014 Exhibit 10.5.3-10, IMF Only TC 971 AC 506 - IRS Determined Tax-Related Identity Theft Case Closure , expanded definition of OTHER1 to include a confirmed valid address for the taxpayer (includes situations when a return has not been filed or when the taxpayer has no filing requirement).

(95) IPU 14U1282 issued 08-21-2014 IRM 10.5.3.2.14, Manually Reversing TC 971 AC 524 - Date of Death Present on Command Code INOLES, removed references to SSA letter 2458.

(96) IPU 14U1314 issued 09-02-2014 IRM 10.5.3.2.6 (7), Overview - Identity Theft Supporting Documentation added caution not to acknowledge receipt of 14039 is you suspect it is from an identity thief.

(97) IPU 14U1314 issued 09-02-2014 IRM 10.5.3.2.6.2 (3), Complete and Legible Documents added note to If/Then table to refer to functional guidance when there is no open control and the employee is unable to make a determination of ID theft.

Effect on Other Documents

IRM 10.5.3, dated 01-16-2014 is superseded. This IRM incorporates IRM Procedural Updates issued between 01-23-2014 and 09-02-2014: 14U0166, 14U0196, 14U0230, 14U0364, 14U0375, 14U0464, 14U0548, 14U0686, 14U0723, 14U0771, 14U1012 ( all references to inputting only one TC 971 AC 522 PNDCLM or TC 971 AC 522 IRSID per entity module were removed. Employees will apply one TC 971 AC 522 PNDCLM or TC 971 AC 522 IRSID, as applicable per tax year impacted by identity theft), 14U1052, 14U1205, 14U1282, and 14U1314. See IRM 1.11.2.6.1.4, Effect on Other Documents.

Audience

The provisions in this manual apply to all divisions, functional units, employees, and contractors within the IRS.

Effective Date

(12-17-2014)

James P. Clifford
Director, Accounts Management Wage and Investment Division

10.5.3.1  (12-17-2014)
Background of the Identity Protection Program and Policy Guidance

  1. Purpose. This manual defines the mission, objectives, and governance structure of the Identity Protection Program. It provides the organizational framework for carrying out specific policies and procedures aimed at preventing identity theft, protecting taxpayers and providing assistance to victims of identity theft.

  2. Scope. The provisions in this manual apply Servicewide.

  3. Accountability. Safeguarding and preventing the unauthorized disclosure of Personally Identifiable Information (PII) is a responsibility that is shared by all IRS employees and contractors. Lost or disclosed PII may be used to perpetrate identity theft or other forms of fraud if the information falls into unauthorized hands. Refer to IRM 10.5.3.2, IMF Identity Theft Procedures and Definition for more information on PII.

10.5.3.1.1  (12-17-2014)
Origins of the Identity Protection Program

  1. Federal agencies have been instructed by the Office of Management and Budget (OMB) and the Department of the Treasury to address the increasing occurrence of identity theft.

  2. The Identity Protection Program was created in response to these directives and recommendations and to ensure IRS compliance with the President's Identity Theft Task Force Report.

  3. Identity theft creates a heavy financial and emotional toll on its victims and severely burdens our economy. The IRS is focused on prevention and assistance activities including a comprehensive approach to protecting taxpayer information. The IRS will enhance efforts through three primary goals:

    • victim assistance

    • outreach

    • prevention

10.5.3.1.2  (12-17-2014)
Identity Protection Program Responsibilities

  1. Identity Protection - The Identity Protection Strategy & Oversight (IPSO) Office has the following specific responsibilities related to administering the Identity Protection Program in IRS:

    1. Building programs to reduce incidents of identity theft

    2. Defining, communicating, and assigning responsibility for the IRS' substantiated identity theft incident tracking program

    3. Raising taxpayer awareness of identity theft techniques through outreach

    4. Reducing taxpayer burden and improving service options while addressing and resolving identity theft cases

    5. Protecting Treasury revenue by identifying suspicious filings before the refunds are generated

    6. Increasing operational efficiency of the IRS by detecting and processing reported identity theft incidents as early and consistently as possible

    7. Carrying out activities as required by the Identity Theft Advisory Council, which oversees the development and execution of the Identity Protection Program

    8. Identifying emerging trends and developing appropriate strategies and responses

    9. Developing, defining, monitoring, and executing identity theft policies and procedures

    10. Participating in risk assessments on IRS business processes, where appropriate

    11. Communicating and coordinating with both internal and external stakeholders (such as the Federal Trade Commission) to ensure consistency regarding identity theft issues

    12. Determining identity theft performance measures to assess the effectiveness of the program and identity theft initiatives throughout the IRS, and making recommendations for improvement as appropriate

    13. Overseeing the maintenance, publication, and conveyance of the servicewide identity theft guidance via the Identity Protection Program Internal Revenue Manual (IRM), ensuring that the information contained remains current

    14. Conducting identity theft program reviews, which include but are not limited to:
      IRM reviews to verify procedural consistency; and
      Closed case reviews to ensure adherence to servicewide policies and procedures

    15. Evaluating new technologies and assessing benefits for use in identity theft initiatives.

    16. Developing a process, along with Criminal Investigation, to communicate identity theft schemes and tactics used by perpetrators.

  2. IPSO supports servicewide efforts to recognize and resolve identity theft issues while striving to provide a uniform and consistent approach to victim assistance. This includes internal outreach to all Business Operating Divisions to ensure the established policies are implemented and supported servicewide.

10.5.3.1.2.1  (12-17-2014)
Identity Protection Program Servicewide Identity Theft Guidance

  1. Identity theft occurs when someone uses an individual’s personal information, such as name, Social Security Number (SSN), or other identifying information without permission, to commit fraud or other crimes. Taxpayers may notify the IRS when they believe they have experienced an identity theft incident. In these instances, taxpayers must provide documentation to establish that they are identity theft victims.

  2. Identity theft often leaves its victims feeling helpless and distraught. Service employees should exercise empathy in dealing with victims. See IRM 10.5.3.1.2.5, Taxpayer Interaction. Additionally, the Taxpayer Bill of Rights II (TBOR 2), grants all taxpayers important rights. See Pub 1, Your Rights as a Taxpayer.

  3. Identity theft cases will be prioritized and worked expeditiously.

  4. Identity theft can affect tax administration in two primary ways:

    • Employment or Income Related - This occurs when the identity thief uses the victim’s SSN to obtain employment, resulting in what may appear as unreported income under the victim's account.

    • Refund Related - This occurs when the identity thief uses the victim’s SSN to file a false federal income tax return to obtain a refund. If the thief files before the victim, the victim may not receive his or her refund within a reasonable time frame.

10.5.3.1.2.2  (12-17-2014)
IRS Employees Who May be Victims of Identity theft

  1. Non-Tax Related Identity Theft - If you think you might be at risk of identity theft due to a lost or stolen purse or wallet, questionable credit card activity or credit report, you should contact the IRS Identity Protection Specialized Unit to take steps to protect your account.

    • You can call IPSU toll-free at 800-908-4490, Mon. – Fri., 7 a.m. -7 p.m. local time (Pacific Time for Alaska and Hawaii). You will need to fill out an 'IRS Identity Theft Affidavit', Form 14039.

      Note:

      Please be sure to write legibly and follow the instructions on the back of the form.

    Note:

    For additional information on non-tax related identity theft, see IRM 21.9.2.3.1, Self Identified - Non-Tax-Related Identity Theft.

  2. Tax Related Identity Theft -

    • If you think someone is using your information to file false tax returns, you should contact the IPSU toll-free number and your local Treasury Inspector General for Tax Administration (TIGTA) office immediately, in person or by phone at 800-366-4484.

    • If you receive an IRS notice that makes you think you have become a victim of tax-related identity theft, you should call the number on the notice as soon as possible.

    • If you believe someone is using your information to impersonate an IRS employee, or if you suspect an IRS employee may be involved in your identity theft, you should contact TIGTA immediately.

10.5.3.1.2.3  (12-17-2014)
Assessing the Scope of the Taxpayer’s Issues

  1. Taxpayers may initially come to IRS regarding a current year refund. Some taxpayers may not be aware that other tax modules have also been affected by identity theft.

  2. Upon receipt/assignment of an identity theft case, an initial cursory review must be performed to identify all taxpayers and all taxpayer issues. Identifying issues at the beginning of the case provides a higher level of customer service and reduces the potential for problems to go unresolved.
    For IMF Cases refer to both IRM 10.5.3.1.2.3, Assessing the Scope of the Taxpayer’s Issues and your functional IRM. For example:

    • IRM 21.6.2.4.2.3, Preliminary Research

    • IRM 4.19.13.25.8, Complete Account Analysis


    For BMF Cases refer to IRM 10.5.3.3, BMF Identity Theft Procedures and your functional IRM..

  3. Special attention should be given to cases that by their nature indicate a high potential for multiple year involvement. Although the following examples are not all inclusive, taxpayers who do not have a filing requirement are more susceptible to being targeted. This includes elderly, disabled and/or underage.

    Example:

    A taxpayer’s only income is SSI. A proposed reduction in SSI benefits due to an IRS levy has prompted the taxpayer to contact IRS and file a Form 14039 indicating his SSI was levied for a 2010 tax liability. Furthermore, the taxpayer states that they are permanently disabled and have not worked since 2007. Account review indicates returns filed for 2009, 2010, 2011, and 2012.

    Example:

    A duplicate filing condition involves one return showing low wages, a filing status of single, and no dependents claimed. The other return shows a filing status of MFJ with dependents claimed. Our records show that the taxpayer is 17 years old. While it is possible for a 17 year old to file a MFJ return claiming dependents, the very nature of this case should cause the employee working the case to look at prior years. In our example, the prior years show the MFJ couple has been filing for years under the SSN. Refer to your relevant operational IRM(s) for the appropriate action to be taken on the prior years.

    Note:

    It is understood that multiple year involvement may not surface until a later phase in the processing of the case.

10.5.3.1.2.4  (01-16-2014)
Addressing All Taxpayer Issues

  1. IRS is committed to providing taxpayers who have experienced identity theft with an additional level of sensitivity and understanding. From the taxpayer’s perspective, his/her account encompasses all his/her tax returns.

  2. Employees assigned an identity theft case will treat the identity theft victim’s account as a whole, resolving all account issues.

  3. When identity theft issues involve multiple tax years that require corrective actions by multiple functions, every effort must be made to ensure all issues are addressed and resolved. For IMF account issues involving multiple functions, refer to IRM 10.5.3.2.10.1.1, IPSU Monitoring Multiple Function Criteria (MFC) Accounts.

  4. When identity theft issues involve multiple tax years or multiple taxpayers that may or may not be assigned or active (for example, “active” referring to a tax year with a balance due), every effort must still be made to ensure all issues are addressed and resolved.

10.5.3.1.2.5  (12-17-2014)
Taxpayer Interaction

  1. All taxpayers desire and expect courteous service. Taxpayers who have experienced identity theft are already victims, either emotionally or financially. IRS employees need to be aware of that impact and handle the contact with an additional level of sensitivity and understanding. You must also guard against unauthorized disclosures and verify you are talking to the taxpayer or their authorized representative.

  2. Victims may suffer more than the loss of funds and ruination of their credit rating. Among other costs, victims may be subjected to potential loss of opportunities, such as those associated with employment and housing.

  3. In addition to providing the taxpayer with courteous service, you should educate the taxpayer as to how to protect themselves and where to find additional information:

    • Contact the Federal Trade Commission (FTC) Identity Theft Hotline;

    • Contact the Social Security Administration (SSA);

    • File a report with their local or state police;

    • Contact their state Attorney General's office;

    • Contact one of the three major credit bureaus: Equifax, Experian, or TransUnion;

    • File Form 14039, Identity Theft Affidavit with the IRS;

    • Review Publication 4535, Identity Theft Prevention and Victim Assistance; and

    • Review the IRS website.


    For additional information see IRM 21.9.2.3, Identity Theft - Telephone Overview.

  4. Taxpayers meeting Taxpayer Advocate Service (TAS) Criteria 1-4 (economic burden), will be referred to the TAS, see IRM 13.1.7.2, TAS Case Criteria.

    Caution:

    If IRS can provide relief or take a substantive action towards providing relief within 24 hours, do not send the case to TAS.


    Generally, IRS will refer TAS Criteria 5-7 cases to IPSU for resolution. Refer to IRM 21.9.2.9, Identity Theft Assistance Request (ITAR) - General Information, for the IPSU criteria.

10.5.3.1.3  (12-17-2014)
IRS/IPSO Initiatives

  1. The IRS established and expanded initiatives to address identity theft in tax administration which includes:

    • The Technical Working Group for Identity Theft Victim Assistance (TWG);

    • The Identity Theft Advisory Council; and

    • Identity Theft Training

10.5.3.1.3.1  (12-17-2014)
Technical Working Group for Identity Theft Victim Assistance

  1. The Technical Working Group for Identity Theft Victim Assistance (TWG) is a cross-functional group that discusses unique identity theft cases where the taxpayer has been unduly burdened. The TWG was established through a collaborative effort with TAS, and is facilitated by the Identity Protection Program.

  2. The overall purpose of the TWG is to provide a forum for developing recommendations on how processes and procedures can be improved to address and reduce the burden on taxpayers who are victims of identity theft. The TWG's responsibilities include:

    1. Providing a medium for cross-functional discussion and data gathering on identity theft issues

    2. Analyzing identity theft cases where the victim has been significantly burdened

    3. Determining if there are existing procedures to address key issues

    4. Discussing ideas on how related procedures can be developed and/or improved

    5. Developing recommendations for process improvements

  3. The TWG meets periodically and is comprised of representatives and subject matter experts from the various business units and functions. During the meetings, TWG participants discuss a taxpayer identity theft case and provide analysis and function-specific insight regarding existing processes and procedures pertaining to the case and taxpayer treatment. Through this discussion, the group suggests ideas to improve existing procedures and/or provides recommendations for procedures that may need to be developed.

  4. The TWG provides a forum for discussing systemic and procedural issues and developing recommendations and solutions on how processes and procedures can be improved to reduce taxpayer burden with regard to issues of identity theft. The function of the TWG is NOT to address specific taxpayer related identity theft issues, but rather to deal with systemic/procedural issues.

  5. The TWG encourages functions to submit systemic and procedural issues of identity theft that cannot be resolved at the functional level, to the TWG. Issues identified by functions will first follow the issue escalation process of their respective organization. If an issue cannot be resolved through the functional channels, but meets the systemic/procedural issue criteria shown in IRM 10.5.3.1.3.1 (6) and (7) below, the functional liaison to the TWG will document the issue using the Issue Submission Template.
    The functional liaison will e-mail the completed Issue Submission Template to the following E-mail address: IPTWG@irs.gov .

  6. An Identity Protection staff member will monitor the issue submission mailbox regularly. The Monday before the TWG meeting (meetings held monthly), an Identity Protection staff member will review and select an issue to be presented to the TWG. As part of the issue review process, the Identity Protection staff member will review the form and may follow up with the submitter for additional clarification. The selected issue will be added to the agenda and will be discussed during the TWG meeting. The TWG will attempt to resolve the issue and submit the procedural changes via a SERP alert, interim guidance, and/or IRM changes.

  7. Guidelines for Selecting Systemic Issues to be Addressed by the TWG - The TWG provides a forum for discussing systemic issues and developing recommendations on how processes and procedures can be improved to reduce taxpayer burden. A systemic issue can be defined as an issue that meets any of the following criteria:

    1. Can be expected to affect multiple taxpayers.

    2. Is not a problem specific to an individual taxpayer.

    3. Affects segments of the taxpayer population, locally, regionally or nationally.

    4. Relates to IRS systems, policies, and procedures.

    5. Requires study, analysis, administrative changes or legislative remedies.

    6. Involves protecting taxpayer rights, reducing or preventing taxpayer burden, ensuring equitable treatment of taxpayers or providing essential services to taxpayers.

  8. The TWG is focused on the issue of identity theft, therefore all systemic issues should be specifically related to incidents of identity theft. Identity theft is defined as an incident where someone uses another individual's personal information such as name, Social Security Number (SSN), or other identifying information, without permission, to commit fraud or deception. Each issue should meet one or more of the following criteria.

    1. A procedural gap has been identified where no IRM exists.

    2. More than one IRM exists, and the guidance is not consistent, causing disparate treatment from one case to another

    3. A procedural gap has been identified in a single BOD; however other BODs may be impacted

    4. A procedural gap has been identified in a single BOD, and the SME would like the TWG to review the issue and provide feedback

    5. A technical issue has been identified that is likely to impact multiple cases and should be addressed on a systemic level

    6. An issue requires expedited resolution; may be in response to an external inquiry to a prior case

10.5.3.1.3.2  (01-16-2014)
The Identity Theft Advisory Council

  1. The Identity Theft Advisory Council (IDTAC) is part of a two-tiered governance process to address Servicewide identity theft efforts.

  2. Sharing identity theft related information is the major role of the Council. This ensures all participants are equally informed regarding issues, trends, and identity theft initiatives. The IDTAC will make decisions about how to move forward on current and new initiatives and advise the Identity Theft Executive Steering Committee (IDTESC) on initiatives requiring their action or decision.

  3. The advisory role to the IDTESC includes, but is not limited to, the following:

    • Foster development of additional tools to further reduce taxpayer burden, protect Treasury revenue, and increase processing efficiencies;

    • Coordinate issues with business functions to assist with decision-making, such as ensuring risks and interdependencies are properly managed;

    • Monitor and report on emerging issues impacting identity theft;

    • Monitor and report on IDT inventory trends and metrics, assess business performance and recommend strategies for addressing performance; and

    • Elevate unresolved disputes to the IDTESC

10.5.3.1.3.3  (12-17-2014)
Awareness Training and Education

  1. IPSO will develop and provide annual employee awareness training.

10.5.3.1.3.4  (01-16-2014)
Business Entities Whose Employee or Clients PII was Breached

  1. Businesses, hospitals, doctor’s offices, etc., may contact IRS when their employee or client PII has been breached. If you are contacted by one of these entities, and they are seeking guidance for their employees/clients, the following actions/precautions should be recommended.
    Recommend the breached entity contact each of the affected individuals/clients/employees whose data was breached to take the following precautions:

    • Contact the Federal Trade Commission (FTC) Identity Theft Hotline, the Social Security Administration (SSA); and one of the three major credit bureaus: Equifax, Experian, or TransUnion; and

    • File Form 14039, Identity Theft Affidavit, and the required supporting documentation with the IRS. Refer to IRM 10.5.3.2.6 , Overview - Identity Theft Supporting Documentation for additional information.

    Note:

    The affected individuals will need to file Form 14039 to have their account protected. IRS does not accept Form 14039 from unauthorized third parties.

  2. For additional information on identity theft guidance, refer to IRM 21.9.2.3, Identity Theft -Telephone Overview.

10.5.3.2  (12-17-2014)
IMF identity Theft Procedures and Definition

  1. This subsection of IRM 10.5.3 is specific to resolving Individual Masterfile (IMF) accounts.

  2. Identity Theft- A fraud that is committed or attempted, using a person's identifying information without authority.

    Example:

    Identity Theft: In 2010, the taxpayer filed his own return and did not use a preparer. However, unbeknownst to the taxpayer, the preparer he used in 2009, filed a return using the victim’s SSN without his permission. In 2010, the taxpayer was a victim of identity theft.

    Caution:

    Do not confuse preparer misconduct with identity theft.

    Example:

    The taxpayer calls the IRS inquiring about his refund only to be informed the refund was offset to a previous year’s balance due. The taxpayer was unaware of a balance due. After further research, the CSR determines the balance due is a result of an AUR assessment under his TIN. The taxpayer is claiming to have no knowledge of the notices issued related to these actions nor the income being reported under his TIN for a previous year. The taxpayer suspects he may be a victim of identity theft.

  3. Preparer Misconduct: Return Preparer misconduct generally involves the orchestrated preparation and filing of false income tax returns (in either paper or electronic form) by unscrupulous preparers who may claim, for example:

    • Inflated personal or business expenses;

    • False deductions;

    • Unallowable credits;

    • Excessive exemptions; or

    • Fraudulent tax credits such as the Earned Income Tax Credit (EITC).

    The preparer's clients may or may not have knowledge of the false expenses, deductions, exemptions and/or credits shown on their tax returns.

    Example:

    Preparer Misconduct: A taxpayer used a preparer in 2009 to prepare and file Form 1040. The preparer changed the return by increasing the withholding tax claimed and diverted the resulting refund into the preparer’s personal account. This is preparer misconduct, do not place an identity theft tracking indicator on the 2009 tax year.

    Note:

    Refer to your functional IRM for guidance on resolving preparer misconduct cases.

  4. Personally Identifiable Information (PII). The definition of personally identifiable information is provided by OMB 07-16. For further information about PII, see the Privacy, Governmental Liaison, Disclosure (PGLD) web page called PII - What is personally identifiable information?.

  5. Incident - Throughout this IRM, the term “incident” refers to an occurrence or event involving identity theft as it applies to a specific tax year(s) as reported by the taxpayer.

  6. For a full listing of Identity Protection terms, see Exhibit 10.5.3-1, Glossary of Identity Protection Terms and Definitions.

10.5.3.2.1  (12-17-2014)
IMF- Identity Theft Research

  1. Research should be performed and documented prior to reaching a final determination of identity theft. Research using Command Codes (CC) ENMOD, IMFOL, RTVUE, NAMES, INOLE, DUPOL, FFINQ, REINF, and IRPTR.

    Caution:

    Consult your functional IRM for research requirements when resolving identity theft cases as the following list is not all inclusive.

    1. Research the TIN (valid and invalid) to determine if there was a mixed entity or scrambled case in prior years, and to locate any possible cross-reference TIN.

      Note:

      Research Real-Time System (RTS) in addition to IDRS research of CCs for Individual Tax Identification Numbers (ITIN). See IRM 3.21.263.8.1.2, Accessing and Logging onto ITIN RTS and IRM 3.21.263.8.4, Researching the ITIN RTS.

      Caution:

      See IRM 21.6.2,Adjusting TIN-Related Problems for additional information.

    2. Review all returns for the year(s) involved (including returns filed at other sites AND electronic filed returns). When applicable, utilize SCFTR Service Center Control File (SCCF) as a part of your research. For ITIN cases, use EUP/RTS to locate DLNs to request any relevant original Form W-7 application documents.

      Note:

      Prior to ordering returns from files, hard copy MFTRA prints, and NUMIDENT use CC RTVUE, TRDBV etc. to case build. Unnecessary ordering of returns, MFTRAs and NUMIDENTs may delay case resolution.

    3. Search returns, schedules, and forms for a different TIN. Research spouse and dependent information whenever available.

    4. Compare all documents and return information for:
      •Name
      •Social Security Number
      •Address
      •Occupation
      •Exemptions
      •Signatures (except for e-filed returns when a signature is unavailable)
      •Similar tax data
      •Forms W-2, etc.
      •Marital status changes
      •Tax preparer

    5. If you cannot locate a valid TIN for each taxpayer, and the common number (the taxpayer identification number used by the victim and the perpetrator) is an SSN, request MFTRA, type U, to obtain NUMIDENT information.

    6. Search returns and entity modules for indications of identity theft such as identity theft documentation attached to the return or a previously posted TC 971 with Action Code (AC) 50X or TC 971 with Action Code 522.

    Caution:

    Inadequate authentication of the identity of a caller could result in an unauthorized disclosure of return or return information. Refer to IRM 21.1.3.2.3, Required Taxpayer Authentication and IRM 21.1.3.2.4, Additional Taxpayer Authentication.

10.5.3.2.2  (04-18-2014)
Tracking and Reporting Identity Theft Cases - IMF

  1. The first step to tracking and reporting identity theft incidents is through the use of Identity Theft Tracking Indicators. Identity theft can be tax related or non-tax related. Identity theft cases can be found in virtually any BOD/Function inventory.

  2. In situations where the taxpayer makes an allegation of identity theft or when the IRS initially suspects that identity theft may have occurred, IRS functions will apply an identity theft indicator. The identity theft tracking indicator alerts others that a claim of identity theft has been reported. Refer to IRM 10.5.3.2.5, Initial Allegation or Suspicion of Identity Theft - Identity Theft Indicators for additional information regarding the appropriate tracking indicator.

    Note:

    The application of the TC 971 AC 522 PNDCLM does not always equate to an inventory point of count. Refer to your functional IRM regarding the process of inventory management for ID Theft cases.

  3. In most instances, for taxpayer initiated claims of identity theft, the case MUST be moved into identity theft inventory once the taxpayer has provided documents to support a claim of identity theft. This provides victims with a treatment stream for case resolution specific to identity theft. Refer to IRM 10.5.3.2.6, Overview – Identity Theft Supporting Documentation.

    Note:

    Follow your normal functional IRM guidance for case assignment/referral.

10.5.3.2.3  (12-17-2014)
Multiple Function Criteria (MFC) Cases Requiring Referral to IPSU for Monitoring - IMF

  1. The IRS will monitor taxpayer accounts through resolution when a taxpayer’s account requires corrective actions by more than one function. Multiple Function Criteria (MFC) is defined as an identity theft case requiring resolution across functions. The term “multiple function” as applied to this process means a case that is located in more than one of the following defined functions:

    • Accounts Management - Open controls in Refund Inquiry and Statutes would be considered a “single function” because both programs reside under the Accounts Management umbrella;

    • Compliance - Open controls in AUR and Exam would be considered a single function because both programs reside under the Compliance umbrella. Refer to the note below regarding Compliance functions;

    • Return Integrity and Correspondence Services (RICS);

    • Field Assistance (FA);

    • Large Business & International (LB&I);

    • Appeals; and

    • Submission Processing (SP)

    Note:

    Compliance Functions include Automated Underreported (AUR), Automated Substitute for Return (ASFR), Campus Exam, Field Exam, Automated Collection System (ACS), Automated Collection System Support (ACSS), Compliance Services Collection Operations (CSCO), and Field Collection regardless of BOD. When multiple compliance functions are involved, the case will be resolved by the function with the earlier control.

  2. As directed by IRM 10.5.3.1.2.3, Assessing the Scope of the Taxpayer’s Issues, upon receipt of an identity theft case, employees will review the account to determine if MFC issues exist.

    Example:

    The employee assigned a TY 2010 ASFR involving an identity theft claim reviews the taxpayer’s account and finds that for the 2012 tax year, AM is working a duplicate filing case. Because of the open duplicate filing case and the ASFR case, this identity theft case has met the Multiple Function Criteria (MFC) and requires resolution of the issues by more than one function. (Accounts Management and Compliance). Each function will be responsible to resolve their taxpayer’s issues. IPSU would monitor this case through complete case resolution.

    Note:

    W&I IPSU employees will follow IRM 21.9.2.3.3, Tax-Related Identity Theft (IPSU Toll-Free line CSRs only).

    IF THEN
    A taxpayer’s case resolution meets MFC (more than one function must take corrective action complete case resolution)
    • Complete Form 14027A and fax to the Image Control team (ICT) at 855-807-5720 within 30 days of receipt. Include a copy of Form 14039 and supporting documents, if applicable.

    • If Form 14039 was received, acknowledge receipt per IRM 10.5.3.2.6, Overview - Identity Theft Supporting Documentation within 30 days.

    • Input the appropriate TC 971 AC 522 Codes per IRM 10.5.3.2.5, Initial Allegation or Suspicion of Tax-Related identity Theft - Identity Theft Indicators and IRM 10.5.3.2.6.3, Marking Taxpayer Accounts When Accepting Identity Theft Supporting Documents.

    A taxpayer’s case resolution does NOT meet MFC Continue with case resolution using your IRM procedures.
  3. In situations where IPSU receives a Form 14027A monitoring request and the account does not meet MFC, IPSU will reject the Form 14027A within two (2) business days of the referral being rejected. Refer to IRM 21.9.2.4.3, Multiple Function Criteria (MFC) – IDTX.

10.5.3.2.3.1  (01-16-2014)
Multiple Function Criteria (MFC) vs. Single Function

  1. Multiple cases residing in one function will not be monitored by IPSU. The function assigned will take all actions required to resolve the taxpayer’s issues and act as the Point of Contact through resolution of the single IDT issue. The taxpayer may experience identity theft problems in one or more of his/her accounts/tax years but if Multiple Function Criteria (MFC) as described in IRM 10.5.3.2.3, Multiple Function Criteria (MFC) Cases Requiring Referral to IPSU for Monitoring is not met because issue resolution resides in a single function, do not refer the case to IPSU for monitoring.

    Multiple Issue Located in This occurs when all taxpayer issues are located only in one Function….
    Accounts Management (AM) One AM employee is working a TY 2011 identity theft case. A second AM employee is assigned a TY 2012 Duplicate filing case. The employee with the earliest received date will take ownership of both years and act as the single point of contact for the taxpayer. Because both employees reside in AM, IPSU will not monitor this case.
    IRM references for AM:
    • IRM 21.2.2.4.2, IDRS Case Controls

    • IRM 21.6.2.4.2.1, IDRS Case Controls

    Compliance This occurs when all taxpayer’s issues are located only in Compliance Functions. For example: TY 2009 is open in AUR while TY 2008 is open in exam.
    IRM references for Compliance:
    • IRM 5.19.6.26.3.1, Cases Meeting ACSS Criteria with Multiple Functional Involvements.

    • IRM 4.19.13.25.3.2, Multiple Function Controls

    Note:

    Compliance functions include AUR, ASFR, Campus Exam, Field Exam, ACS, ACSS, CSCO, and Field collection regardless of BOD.

    Note:

    Compliance employees will complete the "Complete Account Analysis" procedures on all cases as required in the functional IRMs.

10.5.3.2.4  (12-17-2014)
IMF Identity Theft Tracking Indicators

  1. The Identity Protection Program developed identity theft indicator codes to track identity theft incidents. Each indicator is input as a Transaction Code (TC) 971 with Action Code (AC) and is displayed on Integrated Data Retrieval System (IDRS) via command codes ENMOD or IMFOL with definer "E" of the affected taxpayer's account. For accounts not available on IDRS, command code IMFOLE will display the identity theft tracking indicators.

  2. Identity theft tracking indicators are used to mark both tax-related and non-tax related incidents of identity theft and they help us to identify open and closed cases. While some action codes are used to track the progression of inventory (522) others provide taxpayer protections (501 and 506) once the tax related identity theft issue is resolved.

  3. In January 2012, PGLD- Office of Identity Protection expanded the use of identity theft markers to facilitate Servicewide tracking and reporting of identity theft incidents. These indicators, or markers, capture identity theft inventory from the initial taxpayer allegation to account resolution. Each indicator is input as a Transaction Code (TC) 971 with an Action Code (AC) and Tax Administration Source Code.

  4. The AC and Tax Administration Source Code is dependent upon the facts and circumstances of the case.

10.5.3.2.4.1  (12-17-2014)
Mass Input of Identity Theft Tracking Indicators

  1. Identity theft tracking indicators are used to mark both tax-related and non-tax related incidents of identity theft. The indicators help IRS in identifying open and closed cases. Generally, indicators are input to taxpayer accounts using IDRS. However, under certain conditions, the service may consider marking many accounts with specific identity theft indicators at one time by posting the indicator directly to masterfile.

  2. Functions considering this path for marking accounts MUST first contact IPSO Technical Staff via E-mail for IPSO concurrence. The E-mail must contain the following:

    • A detailed explanation of why the indicator is being used to mass flag accounts.

    • The number of accounts being marked with an identity theft indicator.

    • The method by which taxpayers will be notified that an indicator was placed on their account and an example of that notification letter or notice.

    • A draft of the function’s IRM guidance, IPU, or SERP alert detailing the marking of the accounts and the date the guidance will be available.

    • An agreement with the unpostable functions that will resolve subsequent unpostable conditions resulting from the mass indicator inputs.


    Direct the E-mail to the following mailbox: ipp@irs.gov .

  3. Any efforts to post identity theft indicators directly to masterfile MUST use the formats established in IRM Exhibits 10.5.3-4 through 10.5.3-17. Not following the specifications for input will negatively affect the ability to reverse or take corrective actions. Failure to adhere to established formats will impede or prevent the business rules tied to the indicators from functioning as intended.

10.5.3.2.5  (12-17-2014)
Initial Allegation or Suspicion of Tax-Related identity Theft - Identity Theft Indicators

  1. An initial allegation or suspicion of identity theft can be recognized by either the taxpayer or the service. IPSO developed tracking indicators to mark taxpayer accounts when the identity theft incident is initially alleged or suspected.

  2. Two Tax Administration Source codes were developed to track cases as they are initially identified:

    1. TC 971 AC 522 PNDCLM - for taxpayer initiated allegations of identity theft.

    2. TC 971 AC 522 IRSID - for IRS initiated suspicions of identity theft.

    Reminder:

    TC 971 AC 522 does not provide taxpayer protections or prevent future occurrences of identity theft. This code is used to identify potential identity theft cases.

  3. Prior to marking an account with TC 971 AC 522 PNDCLM or IRSID research ENMOD/IMFOLE to ensure the questionable tax year has not already been marked. If the coding already exists, do not input a second code.

    Note:

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  4. Taxpayer entity modules can accommodate a limited number of transactions. Due to the entity limitations, we must also limit the number of TC 971 AC 522s applied to the account. Beginning January 2015, duplicate AC 522's will unpost and auto-void. Apply a TC 971 AC 522 only once per tax year affected by identity theft. If there is an existing TC 971 AC 522 PNDCLM/IRSID for the same tax year, do not apply a second code. The secondary date on command code REQ77 will reflect the tax year of the incident. If there is an existing TC 971 AC 522 PNDCLM or IRSID refer to the table below:

    IF THEN
    Your BOD or Function differs from that of the existing TC 971 AC 522 PNDCLM, NODCRQ, or IRSID for the same tax year

    Example:

    There is an existing TC 971 AC 522 PNDCLM input by WI FA for 2012. You are located in SBSE Compliance and have a TY 2012 issue.

    Reminder:

    NODCRQ is no longer a valid Tax Administration Source Code.

    Do not apply another indicator.
    For additional information regarding multiple tax years, refer to IRM 10.5.3.2.5.1
    You would have selected a different Tax Administration Code than was selected by the initial function receiving the documents.

    Example:

    There is a TC 971 AC 522 IRSID for TY 2013 and you would have input a PNDCLM

    Do not apply another indicator.
    For additional information regarding multiple tax years, refer to IRM 10.5.3.2.5.1
    There is an existing unreversed TC 971 AC 522 PNDCLM or IRSID and you determine the identity theft affected an additional tax year..

    Example:

    There is a TC 971 AC 522 PNDCLM for TY 2012 and you determine that TY 2011 was also affected by ID theft.

    Per the example, apply a TC 971 AC 522 PNDCLM for TY 2011.
    There is an existing TC 971 AC 522 PNDCLM for a tax year not affected by identity theft.

    Example:

    The taxpayer claims identity theft for TY 2013 and there is an existing TC 971 AC 522 PNDCLM for 2012 and you have determined TY 2012 was NOT affected by identity theft.

    Per the example, you will reverse the TC 971 AC 522 PNDCLM for tax year 2012. For additional information refer to IRM 10.5.3.2.7, Reversing Pending Identity Theft Claims - TC 972 AC 522 NORPLY or NOIDT.

    Caution:

    Command Code REQ77 will not accept a tax year that is seven years prior to the current date.

  5. Do not apply the AC 522 PNDCLM or IRSID to the SSN of a taxpayer when an ITIN taxpayer reports the misuse of the SSN. See IRM 10.5.3.2.9 (1) (d) Note, Closing Taxpayer Initiated Identity Theft Affecting Tax Administration - TC 971 AC 501, Documentation Provided.

    Example:

    In the course of performing an audit, the employee identifies an ITIN taxpayer has been working under the SSN belonging to another individual. The SSN owner is unaware of the misuse of his SSN. Do not apply the AC 522 to the commonly used SSN.

  6. All identity theft affected accounts will require resolution and the application of a closing identity theft marker (TC 971 AC 501 or TC 971 AC 506), as applicable.

10.5.3.2.5.1  (12-17-2014)
Taxpayer Initiated Allegations of Identity Theft - Pending Claim Identity Theft TC 971 AC 522 PNDCLM

  1. In situations where the taxpayer or the taxpayer's authorized representative as defined in IRM 21.3.7.5, Form 2848, Power of Attorney and Declaration of Representative and Form 8821, Taxpayer Information Authorization Overview, makes an allegation of identity theft, employees will mark the entity account, using Command Code (CC) REQ77 initiated from ENMOD to input a TC 971 AC 522 reflecting a Tax Administration Source Code PNDCLM, if none already exists. See Exhibit 10.5.3–12, for additional information.

    Reminder:

     If the taxpayer is alleging identity theft on more than one tax year, input AC 522 PNDCLM for each tax year, but only if a TC 971 AC 522 PNDCLM does not already exist for the specific year.

    Example:

    Taxpayer calls the IRS on March 13, 2011, regarding a CP 2000 notice for 2009. He states he did not earn the income reported nor did he reside in the state in which the income was earned. He suspects he may be a victim of identity theft. He has not experienced a previous identity theft issue. He is concerned that someone may be using his SSN without his permission for employment purposes and just recently, he received a notice from SSA cutting his benefits due to income reported for 2010 in which the taxpayer had no income. The Customer Service Representative (CSR) reviews the account and finds no prior identity theft indicators have been applied. The employee will input a TC 971 AC 522 PNDCLM initiating an identity theft case for both the 2009 and 2010 tax years..

    Reminder:

    If the taxpayer is alleging identity theft on more than one tax year, input AC 522 PNDCLM for the each tax year but only if a TC 971 AC 522 does not already exist. Refer to IRM 10.5.3.2.5, Initial Allegation or Suspicion of Tax-Related identity Theft - Identity Theft Indicators.

  2. When a taxpayer asserts identity theft, request the taxpayer provide identity theft supporting documentation. See IRM 10.5.3.2.6,Overview - Identity Theft Supporting Documentation.

    Caution:

    When a taxpayer files a return with identity theft documentation attached, Submission Processing (SP) Code and Edit employees will edit an SPC 8 on the paper return. The SPC 8 is transcribed and generates a TC 971 AC 522 WI SP PNDCLM. Beginning in 2014, the SPC 8 will generate an acknowledgement letter advising the taxpayer that the Service received his/her documents. The TC 971 AC 522 input to reflect complete and legible documents were received is not input until the documents have been reviewed by the assigned function. Refer to IRM 10.5.3.2.6, Overview - Identity Theft Supporting Documentation.

  3. There will be only one TC 971 AC 522 PNDCLM per tax year on the entity module.

    Example:

    Taxpayer calls IRS on May 15, 2011, claiming to be a victim of identity theft for a 2008 audit assessment. The Customer Service Representative (CSR) requests the taxpayer respond to examination with identity theft supporting documentation and applies the TC 971 522 PNDCLM to the 2008 account. On September 12, 2011, the taxpayer calls IRS claiming to be a victim of identity theft for the same 2008 audit assessment. The CSR reviews the account and finds there is no open IDRS controls and there is an un-reversed 522 PNDCLM. The CSR will follow IRM procedures for resolving the call. The CSR will not input another 522 PNDCLM as one is already present on the entity.

  4. Do not input more than one TC 971 AC 522 PNDCLM per tax year on the module. If, however the taxpayer is reporting identity theft and the account reflects a reversed TC 971 AC 522 PNDCLM, a new TC 971 AC 522 PNDCLM will be appropriate.

    Example:

    A taxpayer alleging identity theft contacted IRS on February 2, 2012 regarding tax year 2009. The employee requested supporting documentation from the taxpayer. On May 1, 2012, the employee input a TC 972 AC 522 NORPLY as the taxpayer did not provide the documentation requested. On June 3, 2012, the taxpayer provided the requested documents. The employee input a new TC 971 AC 522 PNDCLM and a TC 971 AC 522 to reflect receipt of documentation.

  5. If, at the time of case closure you find the Entity module has not been flagged with a TC 971 AC 522 PNDCLM, do not input this code at closing. Close the identity theft issue with TC 971 AC 50X, as appropriate.

10.5.3.2.5.2  (12-17-2014)
IRS Initiated Suspicion of Identity Theft - TC 971 AC 522 IRSID

  1. In situations where the IRS suspects identity theft may have occurred, employees will mark the entity account, using Command Code (CC) REQ77 initiated from ENMOD to input a TC 971 AC 522 reflecting a Tax Administration Source Code IRSID, and the tax year of the identity theft incident if no TC 971 AC 522 PNDCLM or IRSID already exists. See IRM Exhibit 10.5.3 -12, TC 971 AC 522 Tax-Related Identity Theft, Case Status (Initial Claim/Suspicion and Supporting Documents), for additional information.

    Reminder:

    If you suspect identity theft on more than one tax year, input TC 971 AC 522 IRSID for each tax year affected by identity theft. . Refer to IRM 10.5.3.2.5, Initial Allegation or Suspicion of Tax-Related identity Theft - Identity Theft Indicators.

    Caution:

    If the taxpayer has already self-identified as an ID theft victim, do not input TC 971 AC 522 IRSID.

  2. Apply the TC 971 AC 522 IRSID when you initially suspect ID theft may have occurred. Post filing Compliance programs should not enter TC 971 AC 522 IRSID until after the taxpayer has had an opportunity to respond to the IRS notice/letter.

    Reminder:

    If there is already an unreversed TC 971 AC 522 IRSID or PNDCLM do NOT input TC 971 AC 522 IRSID.

    Caution:

    Command Code REQ77 will not accept a tax year that is seven years prior to the current date.

  3. Do not input more than one TC 971 AC 522 IRSID per tax year on the entity module.

    Example:

    Accounts Management, while working a duplicate filing condition for the 2010 tax year, suspects an identity theft incident may have occurred. The TC 976 return appears to have been filed by the SSN owner at the address of record for many years. The TC 150 reflects income not supported by IRPTR, suspicious dependents and a different address from prior year filings. The CSR will review ENMOD/IMFOLE for an unreversed TC 971 PNDCLM or IRSID. If none are present, the CSR will input a TC 971 AC 522 IRSID initiating an identity theft case and follow their IRM procedures to resolve their case. If ID theft is suspected in an additional tax year, a TC 971 AC 522 IRSID will be applied for each tax year suspected of involving identity theft.

  4. IPSO considers an account with a TC 971 AC 522 IRSID and no subsequent TC 971 AC 506 (indicating a completely resolved account) an open identity theft case. Subsequently, if the case is deemed NOT to be identity theft, see IRM 10.5.3.2.7,Reversing Pending Identity Theft Claims - TC 972 AC 522 NORPLY or NOIDT.

  5. If, at the time of case closure you find the Entity module has not been flagged with a TC 971 AC 522 IRSID, do not input this code at closing. Close the identity theft issue with TC 971 AC 50X, as appropriate

10.5.3.2.5.3  (12-17-2014)
Identity Theft Case Building

  1. Generally, employees will use internal resources to research taxpayer accounts. Internal research includes, but is not limited to, use of Command Code IRPTR, past filing history, entity research, etc. See IRM 21.6.2.3,TIN-Related Problems Research, IRM 21.6.2.4.2,Multiple Individuals Using the Same TIN, and IRM 21.6.2.4.2.3,Preliminary Research for additional information about determining SSN ownership.

  2. If a determination of SSN ownership can not be made using internal research, the employee assigned may request the taxpayer provide identity theft supporting documentation. See IRM 10.5.3.2.6,Overview - Identity Theft Supporting Documentation. The employee will follow their functional IRM procedures established for requesting taxpayer information.

  3. In situations where you do not have the authority to work the case to resolution, follow your IRM procedures to refer the case to the appropriate function. For example, a CSR will follow their IRM 21.6.2.4.2.1, Telephone Inquiries Regarding MXEN, IDT1, IDT3, IDT8, IDT9 and Scrambled Cases and prepare a Form 4442 to refer taxpayer inquiries regarding mixed entity, identity theft, and Scrambled SSN cases.

10.5.3.2.6  (12-17-2014)
Overview - Identity Theft Supporting Documentation

  1. Taxpayers will notify the IRS when they believe they may have experienced an identity theft incident. In these instances, taxpayers alleging to be victims of identity theft will be required to provide documentation to substantiate identity theft incidents as detailed below:

    Note:

    In situations where the taxpayer initially asserts identity theft and provides supporting documents at the same time, mark the account with one TC 971 AC 522 reflecting receipt of documentation using the appropriate Tax Administration Source Code (INCOME, MULTFL, INCMUL, OTHER, or NOFR).

    1. Authentication of Identity - a copy of a valid U.S. federal or state government issued form of identification (examples include a driver’s license, state identification card, social security card, or passport).

      Note:

      IRS no longer accepts Puerto Rican birth certificates issued before July 1, 2010, due to new laws by the Government of Puerto Rico. Taxpayers with birth certificates issued before this date must get new documentation from the Puerto Rico Vital Statistics Record Office.

    2. Evidence of Identity Theft - a copy of a police report or Form 14039, IRS Identity Theft Affidavit.

      Note:

      The IRS affidavit, Form 14039, is accepted from taxpayers in support of an allegation of identity theft. This form collects only the information necessary for taxpayers to attest to the IRS that they either have experienced or are at risk of harm from identity theft. IRS only accepts the IRS affidavit or a police report for substantiation purposes. The IRS affidavit is also available in Spanish, Form 14039 SP.

      Note:

      When taxpayers contact the IRS indicating they have lost their wallet, experienced suspicious activity on their credit report, or have a tax related issue, IRS employees should direct them to complete Form 14039. As a reminder, this is not necessary if they have already obtained a police report. The police report is a valid form of identity theft substantiation. Taxpayers who submit police reports should not be directed to complete an IRS affidavit. Requirements for proof of identity (in addition to documentation substantiating identity theft) remain the same.

  2. Form 14039 is used to report both tax-related and non-tax related identity theft issues. The Form 14039 can be filed by either mail or fax following the instructions provided on the second page of the Form 14039.

    IF the taxpayer alleges identity theft and THEN
    The taxpayer was unable to file his/her return electronically because the primary and/or secondary SSN was misused Advise the taxpayer to attach Form 14039 and documentation to the back of his/her paper return and submit all to the IRS location where he/she normally files.
    The taxpayer already filed a paper return Advise the taxpayer to submit the Form 14039 and documentation to the IRS location where he/she normally files.
    The taxpayer is responding to a letter or notice he/she received Advise the taxpayer to submit Form 14039 and documentation with a copy of the notice or letter to the address contained in the notice or letter.
    Does not have a tax related issue Advise the taxpayer to mail the Form and documentation to:
    Internal Revenue Service
    PO. Box 9039
    Andover, MA 01810-0939
    Or fax the Form to (855) 807-5720.

    Note:

    See IRM 10.5.3.2.6.2, Complete and Legible Documents for additional information.

  3. If taxpayers do not provide supporting documentation when requested, proceed with case resolution assuming the taxpayer is not an identity theft victim. See IRM 10.5.3.2.7,Reversing Pending Identity Theft Claims - TC 972 AC 522 NORPLY or NOIDT.

  4. Supporting Documentation can be accepted from the taxpayer or someone who has power of attorney for the taxpayer (e.g., Form 2848,Power of Attorney and Declaration of Representative). Form 14039 requires a signature of the taxpayer or representative of taxpayer. See IRM 10.5.3.2.6.2, Complete and Legible Documents for additional information.

  5. Documents must be secured and handled in the same manner as other sensitive taxpayer information. Form 14039 retention will follow case retention procedures of the function working the case.

  6. The business unit function that is assigned the identity theft case (relevant open control) or issued the notice/letter relating to the identity theft (CP 2000, Audit Notice, Letter 239 C, etc.) is responsible for collecting supporting documentation in a timely, accurate, and secure manner, if applicable.

  7. The individual receiving Form 14039, the police report, or correspondence alleging identity theft will acknowledge receipt within 30 days of the IRS received date.

    Exception:

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    If And Then
    If the 30 day window for acknowledging receipt of the taxpayer documents has passed. You will be closing the case before the end of the next business day Do not issue a documentation acknowledgement letter. The closing contact will serve as both an acknowledgement of receipt of the taxpayer's documents and the closing contact.

    Caution:

    Exercise caution when acknowledging receipt of documentation by mail. The address on Form 14039 may be different from the address on ENMOD.

    Note:

    Taxpayer notification does not apply to employees securing documentation face to face from the taxpayer.

  8. After the receipt of the taxpayer's documentation, IRS will need to research the case to verify the taxpayer's claim. If it is later determined that identity theft did not occur, reverse the TC 971 AC 522 (see IRM Exhibit 10.5.3-13 TC 972 AC 522 - Reversal of the TC 971 AC 522).

    Note:

    A systemic notification letter that the substantiation is received is not sent to the taxpayer when an AC 522 is input. Refer to your functional IRM for the specific letter your function will use to notify the taxpayer that Form 14039 was received by the IRS. However, a systemic notification letter is sent once the case is resolved and the TC 971 AC 501 is applied to the taxpayer's account.

  9. Taxpayer accounts displaying a TC 971 AC 522 with any one of the following Tax Administration Source Codes:

    • INCOME

    • INCMUL

    • MULTFL

    • NOFR

    • OTHER


    indicate the taxpayer provided complete and legible documentation supporting identity theft for a specific tax year. See IRM 10.5.3.2.6.3,Marking Taxpayer Accounts When Accepting Identity Theft Supporting Documents.

    Caution:

    This excludes accounts marked with a TC 971 AC 522 reflecting "PPDS" as the BOD, "OPIP" as the Program, and "OTHER" as the Tax Administration Code.

    Caution:

    The submission of Form 14039 by a claimant is not proof of identity theft. Identity theft is determined only after reviewing pertinent case facts and circumstances.

  10. A taxpayer is required to provide supporting documentation to the IRS only once within the three year period for any year affected by identity theft. Any business unit that requires supporting documentation for an identity theft incident should use this documentation.

    Example:

    A taxpayer provides supporting documentation to Automated Underreporter (AUR). The next year, Automated Collection System (ACS) receives a call from the taxpayer about a balance due notice and indicates he or she does not owe because of identity theft related to the same incident reported to AUR. The taxpayer does not need to submit supporting documentation again.

  11. Supporting documentation is valid for a period of three years from the date IRS receives and processes the documentation for any year in which identity theft occurred. If the taxpayer experiences a new identity theft incident after the three year period expires, the taxpayer will need to submit new supporting documentation.

    Example:

    A taxpayer provides supporting documentation to the IRS in March 2007. The taxpayer contacts IRS in 2012 with a new incident of identity theft. The taxpayer would need to provide IRS with new supporting documentation.

    Example:

    A taxpayer’s wallet was stolen in 2009. He reported the incident to the IRS in June 2009 and provided supporting documentation. His account was marked with a TC 971 AC 504. In March 2012, the taxpayer contacts the IRS because someone else filed using his SSN. The taxpayer does NOT need to provide new supporting documentation as the current incident is within the 3 year period.

    Note:

    If the documents provided by the taxpayer were received more than three years ago but you are able to make a determination of identity theft using internal resources, do not request new documentation.

    Note:

    If the documentation received date is different from the processing date (TC 971 AC 522 date), use the most current to begin the 3 year period.

  12. Supporting documentation covers more than one tax year. The taxpayer does not need to submit documents for each year effected by identity theft. Only one TC 971 AC 522 reflecting documentation receipt is applied even if two or more years are effected by identity theft. The earliest tax year affected by identity theft will be input in the Secondary Date Field on command code REQ77.

    Example:

    In April 2010, the taxpayer received an AUR notice for his 2008 tax account. The taxpayer suspects he may be a victim of identity theft because he was unable to electronically file his 2009 return (someone had already filed under his SSN). The taxpayer provides supporting documentation to the IRS in May 2010 for the years 2008 and 2009. The TC 971 AC 522 indicating documents were received will reflect tax year 2008 (the earliest tax year affected).


    If there is an existing TC 971 AC 522 with any of the following Tax Administration Codes: INCOME, INCMUL, MULTFL, OTHER, or NOFR, refer to the table below:

    IF And THEN
    Your BOD or Function differs from that of the existing TC 971 AC 522 INCOME, INCMUL, MULTFL, OTHER, or NOFR The documents provided by the taxpayer fall within the three-year period as described in IRM 10.5.3.2.6 (11) Do not apply another indicator.

    Exception:

    If the three year validity date of the TC 971 AC 522 INCOME, INCMUL, MULTFL, OTHER, or NOFR will expire within 6 months of receipt of the new documentation, apply the indicator. Refer to IRM 10.5.3.2.6 (11) for additional information on the expiration of the indicator.

    You would have selected a different Tax Administration Code than was selected by the initial function receiving the documents The documents provided by the taxpayer fall within the three-year period as described in IRM 10.5.3.2.6 (11) Do not apply another indicator.

    Exception:

    If the three year validity date of the TC 971 AC 522 INCOME, INCMUL, MULTFL, OTHER, or NOFR will expire within 6 months of receipt of the new documentation, apply the indicator. Refer to IRM 10.5.3.2.6 (11) for additional information on the expiration of the indicator.

    The taxpayer is claiming two or more years affected by identity theft and one year is a MULTFL and the other is a NOFR

    Example:

    The taxpayer states in TY 2009, he had no income and was not required to file. In TY 2010, he did have a filing requirement and someone else filed a return using his PII.

      Apply only one TC 971 522 using the Tax Administration Code that pertains to the earliest tax year affected by identity theft. In this example use NOFR indicating document receipt because the TY 2009 account is the earliest year affected by identity theft.

    Note:

    Both the TY 2009 and TY 2010 will reflect a TC 971 AC 522 PNDCLM. .

    The taxpayer provided documents and ENMOD/IMFOLE contains a TC 971 AC 522 INCOME but the associated year is not the earliest tax year affected by identity theft.

    Example:

    There is an existing TC 971 AC 522 INCOME for tax year 2012. The taxpayer is reporting identity theft for 2010 as well.

     

    Note:

    Do not apply another indicator reflecting documentation receipt. Documents provided by the taxpayer cover multiple tax years. Review ENMOD to be certain there is a TC 971 AC 522 PNDCLM for both tax years. If missing, apply the missing indicator, unless you are closing the case.

  13. All identity theft affected accounts require resolution and the application of a closing identity theft marker (TC 971 AC 501 or TC 971 AC 506), as applicable.

10.5.3.2.6.1  (06-17-2014)
When to Request Identity Theft Supporting Documents

  1. Before requesting supporting documentation review the taxpayer's account (ENMOD/IMFOLE) to determine if a TC 971 (AC 501, 504, 505, 506, or 522) identity theft indicator already exists. If any of these indicators exists, follow the chart below.

    Reminder:

    Supporting documentation is valid for 3 years. Refer to IRM 10.5.3.2.6 (11) for additional information.

  2. Reviewing ENMOD/IMFOLE is necessary to help prevent duplicate (identical) TC 971 AC 522, 501, and 506 entries. While there may be multiple TC 971 AC 501 or AC 506 on an account, each will pertain to different tax year.

    IF AND THEN
    ENMOD/IMFOLE does not reflect any Identity Theft Tracking Indicators You cannot make an identity theft determination using internal resources Collect Supporting Documentation per IRM 10.5.3.2.6, Overview - Identity Theft Supporting Documentation.
    TC 971 AC 501 is present - Taxpayer initiated tax-related identity theft incident You cannot make an identity theft determination using internal resources and the documents on file exceed the three year validity period Collect Supporting Documentation per IRM 10.5.3.2.6, Overview - Identity Theft Supporting Documentation
    TC 971 AC 504 with one of the following Miscellaneous Codes indicating taxpayer initiated non-tax-related identity theft incident:
    • ACCT

    • BOTH

    • INCOME

    • NKI

    You cannot make an identity theft determination using internal resources and the documents on file exceed the three year validity period. Collect Supporting Documentation per IRM 10.5.3.2.6, Overview - Identity Theft Supporting Documentation
    TC 971 AC 505 is present

    Note:

    For more information about this indicator, see IRM 10.5.4.5.1.1, Applying Tracking Indicators to IRS Data Loss Incidents

    You cannot make an identity theft determination using internal resources Collect Supporting Documentation per IRM 10.5.3.2.6, Overview - Identity Theft Supporting Documentation
    TC 971 AC 506 is present - IRS initiated tax-related identity theft incident You cannot make an identity theft determination using internal resources Collect Supporting Documentation per IRM 10.5.3.2.6, Overview - Identity Theft Supporting Documentation
    TC 971 AC 522 with any of the following Administration Source Codes present:
    • INCOME

    • MULTFL

    • INCMUL

    • NOFR

    • OTHER

    • NODCRQ

    Note:

    This excludes accounts marked with a TC 971 AC 522 reflecting "PPDS" as the BOD, "OPIP" as the Program, and "OTHER" as the Tax Administration Code.

    The documents are within the three year period Do not collect documents as the taxpayer has already provided them
    TC 971 AC 522 with any of the following Administration Source Codes present:
    • IRSID

    • ≡ ≡ ≡ ≡

    You cannot make an identity theft determination using internal resources Collect Supporting Documentation per IRM 10.5.3.2.6, Overview - Identity Theft Supporting Documentation
    TC 971 AC 522 PNDCLM is present AND there is NO TC 971 AC 522 indicating document receipt

    Exception:

    Accounts marked with TC 971 AC 522 WI SP PNDCLM. SP inputs the TC 971 AC 522 to reflect document receipt with the return.

    You cannot make an identity theft determination using internal resources Collect Supporting Documentation per IRM 10.5.3.2.6.7, Overview - Identity Theft Supporting Documentation.

    Note:

    If the documentation is present on AMS/CIS, do NOT request the taxpayer resubmit the document. However, if no documentation is available and more than 45 days has passed since the taxpayer mailed the documents, request the taxpayer to resubmit and annotate AMS.

    Note:

    If a TC 971 AC 522 WI SP PNDCLM is present, request the original return. Identity theft documents will be attached to the return.

10.5.3.2.6.2  (12-17-2014)
Complete and Legible Documents

  1. When a taxpayer submits Form 14039, the Form 14039 and associated document(s) must be reviewed to determine if they are legible and complete.

    Note:

    An unsigned Form 14039 is considered incomplete.

  2. A document is considered legible when the following elements, as applicable to document type and IRS needs in determining the true SSN owner, are clear and easily read. Refer to IRM 10.5.3.2.6, Overview - Identity Theft Supporting Documentation for types of acceptable documents:

    • Name

    • Date of birth

    • Place of birth

    • Address

    • Date of issue

    • Expiration date

    If you have determined the documentation provided is complete and legible, initiate taxpayer contact to notify them the information requested has been received, if you have not already done so.

    Note:

    If the documentation provided is not complete or legible but you can make a determination through the use of internal research, resolve the identity theft issue. See IRM 21.6.2.3,TIN-Related Problems Research, IRM 21.6.2.4.2,Multiple Individuals Using the Same TIN, and IRM 21.6.2.4.2.3,Preliminary Research for additional information about determining SSN ownership. See IRM 10.5.3.2.11, IRS determined Identity Theft Affecting Tax Administration - TC 971 AC 506. Do not use TC 971 AC 501 when closing unless you have complete and legible documentation.

    Note:

    If only one digit or letter is not clear on the taxpayer provided document, calling the taxpayer to verify information is acceptable.

  3. When the documentation is NOT legible/complete and you can not make a determination using internal resources and research:

    IF THEN
    There is an open control in another function.
    Sending Employee
    1. Input TC 971 AC 522 PNDCLM (if there is already a TC 971 AC 522 PNDCLM for the tax year in question, do not input another).

    2. Forward the documentation to the employee assigned in the appropriate function.

    3. The sending employee will close their control after sending the case to the assigned (receiving) employee.


    Receiving (Assigned) Employee
    1. The receiving (assigned) employee will suspend the case and request the taxpayer provide legible and complete documentation within 30 days of the request.

    2. If the receiving (assigned) employee does not secure a taxpayer response within 45 days from the date of request, the TC 971 AC 522 PNDCLM will be reversed using TC 972 AC 522 NORPLY

    3. The receiving (assigned) employee will close identity theft issue and resolve/address remaining issues as appropriate.

    If you have an open case

    Exception:

    AM IPSU employees will begin monitoring process when Multi-Function Criteria is met. Refer to IRM 21.9.2.3.3, Tax-Related Identity Theft (IPSU Toll-Free line CSRs only).

    1. Input TC 971 AC 522 PNDCLM (if there is already a TC 971 AC 522 PNDCLM for the tax year in question, do not input another).

    2. Contact the taxpayer and request the taxpayer provide legible and complete documentation within 30 days of the request.

    3. If you do not receive a taxpayer response within 45 days from the date of request, reverse TC 971 AC 522 PNDCLM using TC 972 AC 522 NORPLY.

    4. Close identity theft issue and resolve/address remaining issues as appropriate.

    There is no open control in another function.
    1. Input TC 971 AC 522 PNDCLM (if there is already a TC 971 AC 522 PNDCLM for the tax year in question, do not input another).

    2. Return the documents to the taxpayer explaining what is needed.

      Note:

      Refer to your functional guidance.

    3. Advise the taxpayer to respond with complete legible documents within 30 days of the request.

    4. Close identity theft issue and resolve/address remaining issues as appropriate.

    Note:

    Exercise caution when contacting the taxpayer by mail. If the address on Form 14039 differs from the address on ENMOD, correspond to the address on Form 14039.

  4. Once documents have been verified as complete and legible, mark the account with a TC 971 AC 522 and the appropriate Tax Administration Source Code, see IRM 10.5.3.2.6.3, Marking Taxpayer Accounts When Accepting Identity Theft Supporting Documentation and Exhibit 10.5.3-12, TC 971 AC 522 - supporting Documentation Received by IRS.

10.5.3.2.6.3  (12-17-2014)
Marking Taxpayer Accounts When Accepting Identity Theft Supporting Documents

  1. Upon receipt of complete and legible documents, mark the taxpayer's account using Command Code (CC) REQ77 initiated from ENMOD to input a TC 971 AC 522 reflecting an appropriate Tax Administration Source Code depending upon the facts and circumstances of the case. Refer to IRM 10.5.3.2.6, Overview - Identity Theft Supporting Documentation and IRM Exhibit 10.5.3-12, TC 971 AC 522 - Supporting Documentation Received by IRS for additional information.

    Reminder:

    Only one TC 971 AC 522 reflecting documentation receipt is applied on the earliest year when two or more years are affected by identity theft. All tax years potentially affected by identity theft will have reflect a TC 971 AC 522 PNDCLM or IRSID.

    Caution:

    Command Code REQ77 will not accept a tax year that is seven years prior to the current date.

  2. There are five Tax Administration Source Codes that apply when marking accounts to reflect receipt of acceptable documents.

    1. INCOME - used when income has been reported under the taxpayer's SSN without their consent or knowledge.

    2. MULTFL -used when two or more returns are filed for the same tax period under the same SSN.

    3. INCMUL - used when both INCOME and MULTFL apply.

    4. NOFR - used when the taxpayer is not required to file a return.

    5. OTHER - used when the situation does not fit any Tax Administration Source Code Type.

    Caution:

    Review the Form 14039 for the year(s) affected by identity theft. Be sure to include only those years where identity theft is suspected when marking the taxpayer's account.

  3. The TC 971 AC 522 (INCOME, MULTFL, INCMUL, NOFR, and OTHER) are only applied to a taxpayer's account when complete and legible supporting documentation has been received by the IRS.

  4. After receipt of the taxpayer's documentation, the employee assigned will need to research the case to verify the taxpayer's claim. If it is later determined that identity theft did not occur, reverse the TC 971 AC 522 (see IRM Exhibit 10.5.3 - 13 TC 972 AC 522 - Reversal of the TC 971 AC 522). Follow your IRM procedures to notify the taxpayer of actions you took to resolve the issues.

  5. A systemic notification letter that the supporting documents were received is not sent to the taxpayer when an AC 522 is input. However, a systemic notification letter is sent on some identity theft cases once the case is resolved and the TC 971 AC 501 is input.

10.5.3.2.6.4  (06-17-2014)
TC 971 AC 522 NODCRQ

  1. Beginning July 1, 2014 Administration Source Code "NODCRQ" is no longer a valid entry. This code has been made obsolete.

10.5.3.2.6.4.1  (01-16-2014)
When to Update the Victim's Address

  1. Once you have verified that you are dealing with the victim of identity theft and confirmed he/she is the SSN owner, you will need to verify that the address posted on ENMOD/IMFOLE is the correct address. When a return filed by a non SSN owner posts to an account as a TC 150, the address on ENMOD is updated to the address on that return. Therefore, it is important to make timely entity corrections to prevent the issuance of correspondence or refunds to the wrong address.

    Exception:

    Updating the address on controlled identity theft cases does not apply to telephone assistors or Field Assistance employees. Addresses are only updated by employees assigned to research and resolve identity theft cases only after an SSN determination has been made. Refer to IRM 21.6.2.4.2.1(1), Telephone Inquiries Regarding MXEN, MXSP, IDT1, IDS1, IDT3, IDS3, IDT6, IDT8, IDT9, IDS9, and Scrambled Cases, IRM 21.3.4.11.2 , Taxpayer Requests for Address Change, and IRM 21.1.3.20 , Oral Statement Authority for additional information.

  2. After confirming the person you are working with is the SSN owner, correct the address as appropriate. Refer to IRM 21.2.4.3.5 , Address Change/Correction, and to IRM 21.3.4.11.2, Taxpayer Requests for Address Change. Correcting the address as early as possible may prevent disclosure of taxpayer information.

    Note:

    The submission of Form 14039 by a claimant is not proof of identity theft and address changes should not be based solely on receipt of this form. Form 14039 should be used in conjunction with other key information to make decisions related to verifying taxpayer information. Refer to IRM 10.5.3.2, IMF Identity Theft Research for additional information.

10.5.3.2.7  (12-17-2014)
Reversing Pending Identity Theft Claims - TC 972 AC 522 NORPLY or NOIDT

  1. There may be situations when it is necessary to reverse a pending identity theft claim (taxpayer allegation of identity theft).

  2. A pending identity theft claim is an account with an unreversed TC 971 AC 522 and no subsequent TC 971 AC 50X.

  3. Taxpayer Does Not Respond to Requests For Supporting Documentation - NORPLY: When a taxpayer alleges identity theft and has not provided the supporting documents requested within the prescribed time period, mark the taxpayer's account using Command Code (CC) REQ77 initiated from ENMOD to input a TC 972 AC 522 reflecting a Tax Administration Source Code NORPLY, and the tax year of the identity theft incident. See Exhibit 10.5.3 -13, TC 972 AC 522 - Reversal of TC 971 AC 522 for additional information.

    Example:

    On February 14, 2011, the taxpayer contacted SBSE Exam regarding a 2009 statutory notice of deficiency. The taxpayer claimed that he MUST be a victim of identity theft as someone else claimed his dependents. The exam employee input a TC 971 AC 522 PNDCLM to flag the account as potential identity theft and requested the taxpayer provide supporting documentation within the next 30 days. The case was put into suspense for 45 days. The taxpayer did not respond. On April 18, 2011, the exam employee reversed the pending identity theft claim using TC 972 AC 522 NORPLY and continued to work the case using normal exam procedures.

    Reminder:

    If the taxpayer does not provide supporting documentation when requested, proceed with case resolution assuming the taxpayer is not an identity theft victim.

  4. Identity Theft Did NOT Occur - NOIDT: When a taxpayer alleges identity theft and it is determined that ID theft did not occur, reverse the pending claim using Command Code (CC) REQ77 initiated from ENMOD to input a TC 972 AC 522 reflecting a Tax Administration Source Code NOIDT, and the tax year of the identity theft incident. See IRM Exhibit 10.5.3-13, TC 972 AC 522 - Reversal of TC 971 AC 522 for additional information. Follow your IRM procedures to notify the taxpayer of actions you took to resolve the issues.

    Example:

    Taxpayer asserted he might be a victim of identity theft on February 12, 2011, when he filed Form 14039 and personal identification at his local Taxpayer Assistance Center (TAC). The TAC employee verified a return was already filed for the taxpayer under his SSN and input two TC 971 AC 522s. One indicating a pending claim of identity theft (TC 971 AC 522 PNDCLM) and a second indicating the documents provided were legible and complete (TC 971 AC 522 MULTFL). The TAC employee sent the return for processing. Several weeks later, the return posted to the taxpayers account as a TC 976. On May 24, 2011, the taxpayer calls toll-free and reports he made an error on his 16 year-old son’s return. The taxpayer inadvertently used his own SSN when completing his son’s return. The son’s return is posted as the TC 150 return. No identity theft occurred. The IRS employee inputs comments on AMS and makes a referral to the employee assigned the duplicate filing (DUPF) case. The employee assigned the DUPF will reverse the TC 971 AC 522 PNDCLM from taxpayer’s account by marking the taxpayer’s account with a TC 972 AC 522 NOIDT, indicating the identity theft claim has been rescinded.

  5. If you determine the account already reflects a TC 971 AC 522 PNDCLM or IRSID and the associated tax year is incorrect:

    IF AND Then
    The taxpayer is reporting identity theft in TY 2012 but ENMOD reflects a TC 971 AC 522 PNDCLM or IRSID for TY 2013 And there was no identity theft in 2013
    1. Confirm there was no identity theft incident in TY 2013

    2. Reverse the TY 2013 AC 522 using TC 972 AC 522 IRSERR

    3. Input TC 971 AC 522 IRSID or PNDCLM for the correct tax year (if none already exists)

    The taxpayer is reporting identity theft in TY 2012 but ENMOD reflects a TC 971 AC 522 PNDCLM for TY 2013 And there was ID theft in both tax years
    • Input a TC 971 AC 522 PNDCLM for TY 2012.

    There is a posted TC 971 AC 522 PNDCLM or IRSID for TY2011 and a history for TY 2012 (H,PNDCLM2012) And you determine no identity theft occurred in either tax year Reverse the TY 2011 indicator using TC 972 AC 522 NOIDT.
    Leave the following history H, "NOIDT2012" .
    There is a posted TC 971 AC 522 PNDCLM or IRSID And the taxpayer did not respond to your request for documentation Reverse the indicator using TC 972 AC 522 NORPLY.

    Reminder:

    Update existing history items, if applicable.

  6. Refer to IRM Exhibit 10.5.3-13,IMF Only TC 972 AC 522 - Reversal of TC 971 AC 522 for additional information on reversing Action Code 522 applied in error or for other specific reasons.

10.5.3.2.8  (12-17-2014)
Closing Identity Theft Issues

  1. Case Closure Analysis: Perform case closure analysis to ensure all identity theft related issues have been addressed and resolved. This includes but is not limited to:

    • Review both prior (a minimum of three prior years) and subsequent years for apparent evidence of unresolved identity theft issues;

      Example:

      The SSN owner filed for the first time in 2011. A review of the accounts indicates returns were filed for tax years 2009 and 2010. While the taxpayer did not include the tax years 2009 and 2010 on the Form 14039, it is clear that these years were not filed by the SSN owner.

    • Release notice or enforcement holds as appropriate;

    • Ensure the victim received their appropriate refund; And

    • Verify and update the taxpayer's address.

    • Refer issues identified during case closure analysis to another function, ONLY when you cannot resolve the case within your own function.

    • Correcting the taxpayer's address;

    • Adjusting the account to the taxpayer's figures;

    • Advising the taxpayer of actions taken; and

    • Issuing the taxpayer's correct refund.

  2. Back-End Work - The following actions are considered back-end work necessary to finish case resolution after the identity theft issues are resolved. These actions have no affect on the taxpayer (victim of identity theft).

    • Waiting for a perpetrator's return to post to an IRSN; or

    • Transferring an assessment using TC 400 procedures.

  3. The input of the AC 50X will not, in every case, coincide with the closing of the control base. There may be additional back-end work to be completed before the control base can be closed. Do not wait until all the additional back-end work is completed before inputting the protective TC 971 AC 501/506 on the taxpayer's account, for example completing TC 400 procedures.

    Caution:

    The importance of updating the address prior to inputting the TC 971 AC 501/506 cannot be stressed enough. If the address is not updated appropriately, the victim notification letter will go to the wrong address. In addition, failure to follow the appropriate sequence could result in the Identity Protection Personal Identification Number (IP PIN) being sent to the ID thief instead of the ID theft victim. Refer to IRM 10.5.3.2.15, Identity Protection Personal Identification Number (IP PIN).


    The AC 501 cannot be input until the taxpayer is no longer harmed by identity theft issues impacting tax administration. The TC 501 indicates all identity theft tax administration issues have been resolved from the taxpayer's perspective.

    Example:

    An identity thief's return posted to the victim's 2010 account first. The victim was expecting a refund for 2010. In 2007, the victim was assessed by exam for underreporting income originating from the identity theft. The victim did not have a filing requirement in 2007. Prior to marking ENMOD with a TC 971 AC 501, the employee assigned MUST:
    ENSURE the victim's address has been verified and updated on ENMOD.
    Adjust the 2010 account to the taxpayer's figures and issue a correct refund to the victim.
    Suspend all collection activity.

    Note:

    The correction of the 2007 account is considered back-end work. From the taxpayer's perspective, the account is resolved.

  4. A case control must be maintained until all back-end work is completed.

  5. Prior to moving a case into back-end casework, the outstanding issues must be cleared through the IPSO if they are not addressed in 10.5.3.2.8 (3). Your Headquarters representative from your functional area will coordinate with IPSO.

  6. The employee assigned the case will close the identity theft issue by marking the account with either a TC 971 AC 501 for taxpayer initiated identity theft supported by taxpayer provided documentation or a TC 971 AC 506 for IRS determined identity theft (no documentation required). These action codes (501 and 506) provide the taxpayer protection against future occurrences of identity theft.

10.5.3.2.9  (12-17-2014)
Closing Taxpayer Initiated Identity Theft Affecting Tax Administration - TC 971 AC 501, Documentation Provided

  1. To indicate resolution of a taxpayer initiated identity theft claim supported by documentation, mark the victim's account using Command Code (CC) REQ77 initiated from ENMOD, to input a TC 971 AC 501 reflecting an appropriate Tax Administration Source Code depending upon the facts and circumstances of the case along with the tax year of the identity theft incident. The AC 501 is applied to a taxpayer's account when all of the following occur:

    1. The identity theft incident was taxpayer initiated and supported by taxpayer documentation, or the identity theft incident was IRS determined but taxpayer documentation was required to resolve all issues.

    2. All corrective actions have been taken. This includes verifying and updating the taxpayer's address on ENMOD, as applicable (excludes back-end work), see IRM 10.5.3.2.8 (3),Closing Identity Theft Issues.

      Caution:

      Marking the account with AC 501 prior to correcting the victim's address may result in the issuance of the victim notification letter to an incorrect address and may allow an identity thief's return to post while the legitimate taxpayer's return will unpost.

      Note:

      See IRM 21.6.2.4.2,Multiple Individuals Using the Same TIN.

    3. The taxpayer's identity theft affects tax administration.

    4. The taxpayer provided complete and legible supporting documentation.

      Note:

      ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    5. Perform case closure analysis to ensure all identity theft related issues have been addressed and resolved. Refer to IRM 10.5.3.2.8,Closing Identity Theft issues.

    Note:

    The input of the AC 501 will not, in every case, coincide with the closing of the control base. Refer to IRM 10.5.3.2.8,Closing Identity Theft issues.

    • Verifying and updating the taxpayer's address MUST be done before inputting the TC 971 AC 501.

  2. TC 971 AC 501 can be input by any business unit delegated the authority and programmed to use this code when closing identity theft issues supported by taxpayer documentation.

    Example:

    A taxpayer contacts AUR about a CP 2000 notice. In the course of working the case, AUR determines the taxpayer is a victim of identity theft. The victim provides AUR with supporting documentation. AUR will verify the taxpayer's address, take appropriate action and close the case with a TC 971 AC 501.

    Note:

    For additional information on TC 971 AC 501 refer to Exhibit 10.5.3-4.

  3. Generally, there will be only one TC 971 AC 501 per tax year. However, some automated systems are not programmed to look for an existing TC 971 AC 501 for a specified tax year and in those instances, the automated system may have applied a second AC 501 to the account.

  4. If more than one year is affected by identity theft and resolved, the employee will enter the corresponding TC 971 AC 50X for each year.

    Caution:

    Command Code REQ77 will not accept a tax year that is seven years prior to the current date.

10.5.3.2.9.1  (12-17-2014)
Actions Taken After TC 971 AC 501 Placed on Account

  1. Notice CP 01,Identity Theft Claim Acknowledgment, is used for victim notification on identity theft issues closed with a TC 971 AC 501. CP 01 systemically generates two posting cycles after the TC 971 AC 501 is input, depending upon when the taxpayer's account adjustment is completed. The CP 01 is issued only once within a three year period.

    IF THEN
    There are no AC 501 within the three year period on the taxpayer's entity (ENMOD or IMFOLE). A CP 01 will be issued to the taxpayer.
    The taxpayer's entity (ENMOD or IMFOLE) contains an unreversed TC 971 AC 501 and the CP 01 was issued within the three year period.

    Example:

    There is an AC 501 for the 2010 TY input on July 15, 2012. You are resolving the 2012 TY on March 14, 2014. A CP 01 will not be issued.

    A CP 01 will not be issued. You will need to send the taxpayer a closing letter.


    CP 01 contains the following information:

    1. Confirmation that the supporting documentation was received and accepted

    2. Information about how the IRS will monitor the taxpayer's account and income tax returns

    3. Information about identity theft prevention and available identity theft-related resources

    Note:

    Letter 4445 C, Acknowledgement Notification, was previously used for victim notification for TC 971 AC 501s input through June 30, 2009. Letter 4445 C may be used in those instances where taxpayers indicate they never received Notice CP 01.

    Note:

    A Notice CP 01, is not applicable to, and does not systemically generate when a TC 971 AC 506 is applied to a taxpayer's account.

  2. The taxpayer should continue to file tax returns each tax year, as appropriate.

  3. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  4. The presence and date of the TC 971 AC 501 on an account should be used as a data point, along with other key information, to make case-related decisions. The existence of the identity theft indicator should not supersede or replace existing procedures for case resolution.

  5. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

10.5.3.2.9.2  (01-16-2014)
Manually Reversing TC 971 AC 501

  1. In some instances, it may be necessary to manually reverse TC 971 AC 501. Reversal may be necessary because of any of the following reasons:

    1. TPRQ- The taxpayer requests reversal.

    2. IRSERR- There was a keying or internal error in the input of the TC 971 AC 501.

    3. FALSE- The original identity theft claim was fraudulent.

    4. IRSADM- The TC 971 AC 501 has an internally identified negative affect on the taxpayer.

    5. OTHER- There are other reasonable circumstances not listed above.

    Note:

    Be sure to select the correct code. If codes a-d above are not applicable, use OTHER. Refer to IRM Exhibit 10.5.3–5 for additional information.

  2. Actions needed prior to manually reversing an identity theft marker at the taxpayer’s request:

    1. If this is a telephonic request, be certain that you are speaking with the taxpayer. Inadequate authentication of the identity of a caller could result in an unauthorized disclosure of return or return information. Refer to IRM 21.1.3.2.3, Required Taxpayer Authentication and IRM 21.1.3.2.4, Additional Taxpayer Authentication.

    2. Ask probing questions to determine why the taxpayer is requesting indicator removal and document AMS, or the case history if you do not have access to AMS, with the taxpayer’s response. For example, can you provide the reason why you would like this protection removed from your account?

    3. Explain to the taxpayer the indicator will:
      Help prevent future identity theft incidents;
      Ensure any returns filed are reviewed for identity theft indications; and
      Include the issuance of an IP PIN for as long as the indicator remains active.

    4. If the taxpayer insists on removal of the identity theft indicator after you have explained the benefits, review the account to determine if the identity theft issue is open in another function. If there is an open identity theft case, refer the case to that function using your normal referral procedures. Do not take actions on identity theft cases being worked by another function.

10.5.3.2.10  (01-16-2014)
IMF Identity Theft Worked by Certain Functions

  1. Functional employees assist taxpayers who are, or may become, victims of identity theft. Some functions have unique procedures for identity theft case resolution.

10.5.3.2.10.1  (12-17-2014)
The Identity Protection Specialized Unit (IPSU) and Referrals to Other Functions on Form 14027-B

  1. The Identity Protection Specialized Unit (IPSU) in Wage & Investment, Accounts Management, was established on October 1, 2008, to assist taxpayers who are, or may become, victims of identity theft. Part of IPSU's responsibilities include monitoring taxpayer cases that are open in more than one IRS function. Refer to IRM 10.5.3.2.10.1.1, IPSU Monitoring Multiple Function Criteria (MFC) Accounts for additional information on the monitoring process. The IPSU will refer cases via Form 14027-B,Identity Theft Case Referral, to other functions when an individual with a tax-related identity theft issue has called the IPSU. The form is used to notify functions that an IPSU caseworker will be monitoring case activity and following up on a regular basis. Form 14027-B will be routed through designated Identity Theft Liaisons (see SERP/Who/Where - Identity Theft Liaisons - Functional) and forwarded to functional employees. For additional information, refer to IRM 21.9.2.4.2, Self Identified - Non-Tax-Related Identity Theft – IDT4 .

    Note:

    In situations where IPSU receives a complete and legible Form 14039, Identity Theft Affidavit, the IPSU employee will mark the taxpayer's account to reflect documentation receipt. However, if IPSU did not receive Form 14039 or if the Form 14039 was incomplete or illegible, the function receiving Form 14027-B is responsible for securing Form 14039 and supporting documents from the taxpayer.

  2. See IRM 21.9.2.2, Identity Theft-Expanded Procedures and IRM 10.5.3.2.10.1.1, IPSU Monitoring Multiple Function Criteria (MFC) Accounts for additional information regarding the duties and responsibilities of the IPSU, including the monitoring of identity theft cases with open controls referred from the IPSU to other functions.

10.5.3.2.10.1.1  (12-17-2014)
IPSU Monitoring Multiple Function Criteria (MFC) Accounts

  1. IPSU will monitor taxpayer accounts affected by identity theft when resolution requires actions/resolution by multiple IRS functions. Multiple Function Criteria (MFC) is defined as an identity theft case requiring resolution across functions. Refer to IRM 21.9.2.4.3, Multiple Function Criteria (MFC) – IDTX for additional information.

  2. When a function is working to resolve a tax related IDT issue involving only their function, and they identify a second issue that will require crossing functional lines for resolution, an IDT referral Form 14027-A must be completed and forwarded to IPSU to begin monitoring. The originating function will be required to continue with their function's procedures to resolve the tax related IDT issue. Refer to IRM 10.5.3.2.3, Multiple Function Criteria (MFC) Cases requiring referral to IPSU for Monitoring.

  3. Once IPSU confirms the referral meets MFC, IPSU will initiate the monitoring process. IPSU will issue the Form 14027 B per IRM 21.9.2.4.2. IPSU will place a monitoring control on the taxpayer’s accounts to ensure that all taxpayer issues have been resolved prior to case closure. Additionally, IPSU will issue a reminder e-mail to the functional employee on the 165th day of the case (based on the IRS received date of the case) that either an interim or closing letter is required. Refer to IRM 21.9.2.4.3(9) for additional information.

    Caution:

    If the case meets ITAR criteria, see IRM 10.5.3.2.10.1.3, Functional Responsibilities Regarding Referrals Meeting TAS Criteria 5-7, Identity Theft Assistance Requests (ITAR) to the IPSU.

  4. Once all IDRS controls have closed and the tax-related issues are resolved in all functions, IPSU will perform a global account review to ensure that all taxpayer issues were resolved by the responsible functions. For additional information refer to IRM 21.9.2.6, Global Review.

  5. Form 14027-B Functional Responsibility - When functional employees receive a Form 14027-B from their functional liaison, they are responsible for all of the following:

    • Acknowledging receipt of the form by filling out Section V on page 2 of the form and notating receipt of Form 14027-B on IDRS or AMS.

      Exception:

      SB/SE Field Examiners do not use IDRS nor AMS. These examiners use their normal case history worksheet to notate receipt of Form 14027-B.

    • Providing status updates to the taxpayer (interim letters or phone calls);

    • Recording periodic history entries (every 60 days) on IDRS or AMS after the initial 180 day follow-up time frame expired. For additional information, refer to IRM 21.9.2.4.3 (9) step 5, Multiple Function Criteria (MFC) – IDTX;

    • Returning the form to the IPSU caseworker upon resolution of the case through your liaison; And

      Note:

      If the case received in the unit is forwarded to another function for action, functional employees will return Form 14027-B, with section VI completed, to the IPSU identity theft caseworker through their liaison.

    • When the case is resolved by the responsible function and the control is closed, the functional employee will complete Form 14027-B through Section VIII and return it to the IPSU through their liaison.

10.5.3.2.10.1.2  (12-17-2014)
The Identity Protection Specialized Unit (IPSU) and Referrals to Other Functions on Form 14103

  1. When functional employees receive a Form 14103, Identity Theft Assistance Request (ITAR), from the IPSU, functional employees will take the following actions:

    1. Acknowledge receipt of identity theft cases referred using Form 14103 within 5 business days via secured E-mail or fax number provided by the AM IPSU employee on the Form 14103, Section II, Box 3.

    2. Process identity theft cases referred using Form 14103 as priority.

    3. Review Section IV, Specific Assistance Requested, and determine whether the recommended action is appropriate and the requested completion date is reasonable.

      Reminder:

      Be sure to contact IPSU prior to the expiration of the negotiated completion date. If the negotiated completion date entered on box 3 and 4 in Section IV has elapsed, then a status update and new completion date must be provided to AM IPSU. Refer to IRM 21.9.2.9, Identity Theft Assistance Request (ITAR) - General Information, and IRM 21.9.2.9.1, Overview of ITAR for AM IPSU CSRs only, for additional information on negotiating completion dates.

    4. Contact the IPSU employee shown in Section II if there are questions regarding the recommended action or if additional time is required. The function and IPSU employees should reach an agreement on the substantive case issues, recommended actions, and follow-up and completion dates.

    5. Provide the taxpayer with the required interim updates and official closing documents as directed in their IRM and provide copies to the AM IPSU Caseworker.

    6. The function employee/liaison will return the Form 14103 to the IPSU CSR with Section V and VI completed via CIS or fax when CIS is not available.

      Note:

      Refer to IRM 21.9.2.9, Identity Theft Assistance Request (ITAR) - General Information for further information regarding the Identity Theft Assistance Request.

10.5.3.2.10.1.3  (06-17-2014)
Functional Responsibilities Regarding Referrals Meeting TAS Criteria 5-7, Identity Theft Assistance Requests (ITAR) to the IPSU

  1. As part of the Identity Theft Program, the AM IPSU Team will generally assist taxpayers whose situations meet TAS criteria 5 - 7 AND involve identity theft. Applicable cases will now be considered IPSU criteria and MUST be referred to AM IPSU. See IRM 21.9.2.9, Identity Theft Assistance Request (ITAR) - General Information and IRM 13.1.16.9.7, Criteria 5-7 Identity Theft Cases Eligible for Referral to Identity Protection Specialized Unit (IPSU) for additional information.

  2. Review ENMOD/IMFOLE to determine if the entity module has already been marked with a TC 971 AC 522. If the account has not been flagged with an identity theft tracking indicator, mark the account as appropriate. See IRM 10.5.3.2.5, Initial Allegation or Suspicion of Tax Related identity Theft - Identity Theft Indicators, and IRM 10.5.3.2.6, Identity Theft Supporting Documentation, for assistance in determining the correct identity theft tracking indicator.

  3. Notify the taxpayer by sending Letter 86 C, Referring Taxpayer Inquiry/Forms to Another Office, or other applicable letter to inform the taxpayer he/she can expect contact from the IPSU within 7 business days from the date of receipt.

10.5.3.2.10.2  (12-17-2014)
Identity Theft Identified by Criminal Investigation

  1. TC 971 AC 506 is applied to a taxpayer's account when Criminal Investigation (CI) identifies identity theft incidents that have tax administration effect. Such incidents can occur when a taxpayer's identity is stolen via phishing or refund schemes verified by CI.

  2. CI refers cases to Return Integrity Correspondence Service (RICS) AM Taxpayer Assurance Program (TAP) to input TC 971 AC 506 on an account regardless of the existence of any other identity theft indicator code (AC 501, 504, or 505) that may be present on the account.

  3. See IRM 10.5.3.2.11, IRS-Identified Identity Theft Affecting Tax Administration - TC 971 AC 506 and Exhibits 10.5.3-10, IMF Only TC 971 AC 506 — IRS Determined Tax-Related Identity Theft Case Closure and 10.5.3-11, IMF Only TC 972 AC 506 Tax-Related, Reversal of Identity Theft Case Closure, No Taxpayer Provided Documents for more information about this identity theft indicator.

10.5.3.2.10.3  (12-17-2014)
Identity Theft Identified by Accounts Management

  1. Accounts Management inputs a TC 971 AC 501 when resolving taxpayer initiated identity theft supported by taxpayer documentation.

  2. Accounts Management closes an identity theft issue by inputting TC 971 AC 506 on the account of the "determined owner" of an SSN, following procedures for TIN-related problem cases. Specifically, Accounts Management (AM) conducts research to determine the owner of the SSN. If ownership is determined and research indicates that intentional misuse of the SSN is involved, AM inputs a TC 971 AC 506. See IRM 10.5.3.2.11,IRS-Identified Identity Theft Affecting Tax Administration - TC 971 AC 506 and Exhibits 10.5.3-10 and 10.5.3-11 for more information about this identity theft indicator.

  3. Additional guidance for procedures used by AM employees is located in the following IRMs:

    • IRM 21.6.2, Adjusting TIN-Related Problems

    • IRM 21.9.2, Individual Master File (IMF) Accounts Management Identity Theft


More Internal Revenue Manual